- Super Blue, 32500 points or more
Hall of Fame,
Cisco Designated VIP,
2017 LAN, WAN
Pix 515E ver 6.3(3).
I am using the pix to act as a vpn headend device for approx 60 sites ( 10 connected at present). For all of the sites connected so far i have been Natting the incoming source ip addresses. ie.
nat (outside) 1 172.16.1.0 255.255.255.0 outside
nat (outside) 2 172.16.2.0 255.255.255.0 outside
the corresponding global statements have been added
global (inside) 1 10.157.1.10
global (inside) 2 10.157.2.10
There is a static command for the server they are accessing and the vpn connections for these sites work fine.
However i just tried to connect a site who did the nat at their end and although the vpn tunnel came up no traffic was leaving the internal interface of the pix destined for the server for that connection. I then added a NAT & global statement for this connection
nat (outside) 3 10.157.3.10 255.255.255.255 outside
global (inside) 3 10.157.3.10
and the remote end could then access the server.
Should i have to do this and if not what am i missing from the config.
Any help would be much appreciated.