We have a PIX 525 FW running IOS Ver. 6.3. We are using a 172.x.x.x network in our LAN. We need to establish a VPN tunnel from our firewall to one of our clients' firewalls. Our client is ready to allow access to his network only if our private IP addresses are NATted to a public IP range. I would like to know how to configure the NAT and IPSec in this kind of scenario. We have done similar configurations using Checkpoint and it works well there. I tried a couple of configurations for NATting over the IPSec tunnel, as follows.
access-list acl_outbound permit ip 172.16.1.0 255.255.255.0 10.100.25.0 255.255.255.0
nat (inside) 1 access-list acl_outbound
global (outside) 1 18.104.22.168
In the above configuration 172.16.x.x is my local network and 10.100.x.x is my client's network. When the access-list matches, I am NATting it to the public IP range. I am specifying the public IP range in my VPN interesting traffic. After I issue this command and save the configuration, when I try to open the PDM I get a message saying "Policy Based NAT is not supported" and the PDM doesn't allow me to make any changes through PDM.
Can somebody let me know how to configure a PIX in this kind of scenario?
G.G. Venkat Raman,
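The arrangement described in the post, written out as a PIX 6.3 CLI sketch (an added example, not part of the original post): policy NAT translates the LAN source first, so the crypto access-list has to match the translated address rather than 172.16.1.0. `PUBLIC_NAT_IP`, `PEER_IP`, `PRESHARED_KEY` and the names `acl_vpn`, `ts_client` and `cmap_client` are placeholders and assumptions; lines starting with `!` are annotations.

```text
! Policy NAT from the post: translate only traffic bound for the client's network
access-list acl_outbound permit ip 172.16.1.0 255.255.255.0 10.100.25.0 255.255.255.0
nat (inside) 1 access-list acl_outbound
global (outside) 1 PUBLIC_NAT_IP

! Interesting traffic is matched after translation, so the source is the
! translated address, not the 172.16.1.0 LAN
access-list acl_vpn permit ip host PUBLIC_NAT_IP 10.100.25.0 255.255.255.0

! Phase 2 (proposal values are assumptions and must match the client's firewall)
crypto ipsec transform-set ts_client esp-aes-256 esp-sha-hmac
crypto map cmap_client 10 ipsec-isakmp
crypto map cmap_client 10 match address acl_vpn
crypto map cmap_client 10 set peer PEER_IP
crypto map cmap_client 10 set transform-set ts_client
crypto map cmap_client interface outside

! Phase 1 (again, values must match the peer)
isakmp enable outside
isakmp key PRESHARED_KEY address PEER_IP netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 5

! Let decrypted tunnel traffic bypass the outside interface access-list
sysopt connection permit-ipsec
```

With a single `global` address this is dynamic PAT, so only hosts on the 172.16.1.0 side can initiate connections through the tunnel. After bringing it up, `show xlate`, `show crypto isakmp sa` and `show crypto ipsec sa` confirm that the translation and both phases were built with the translated source address.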