static (inside,Gal_Inside) 10.4.3.205 10.4.3.205 netmask 255.255.255.255 otherwise known as transparent static translation.
However my setup is complex. I am using the cisco router to do natting to the 10.4.3.205 ip which sits behind the pix inside interface.
I am natting this internal ip 10.4.3.205 to the external range of the cisco 871 router which is 10.57.59.195 (This range connects to the pix 10.157.59.194 interface)
ip nat inside source static 10.4.3.205 10.57.59.195
I then will terminate an ipsec vpn from a third party to the pix. Traffic from the third party will then route to the cisco 10.57.59.193/27 interface and then hopefully translate the 10.57.59.195 address to the internal ip 10.4.3.205.
This setup would work on a cisco router but the pix is a different beast.
What do you think my chances of success are?
I can get to the internet from the cisco router so nat outbound works fine.
I am not sure I have understood your setup correctly.
However, I believe what you are describing would work without VPN. You can translate on both the 871 and PIX and it would work just fine. But, if you expect traffic to 10.57.59.195 come through the VPN tunnel, which terminates on the PIX outside, but expect translation for that to be done on the 871 then it wouldn't work as the 871 would be a pass-through device in the IPSEC path.
There's a good chance that I may have misunderstood your setup and in which case can you post a sanitized copy of the PIX and 871 configuration and that would make it much easier to say anything for sure.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :