
PIX 515E 6.3(5) VPN client NAT rule


I'm very new to PIX and here is my simple problem:

I have created a VPNClient pool from the same range as the internal IP range. For example /24 with client VPN pool of - 180. For this I have created a translation rule:

static (inside,outside) netmask 0 0

This worked fine, but now I don't want a pool from the same network as inside.

Now I have created a different IP pool - 180. But now I don't know what the translation rule looks like.

Is this right?

static (inside,outside) netmask 0 0

I only want the clients from outside to be able to connect to the internal network.

Hope someone could help.


Re: PIX 515E 6.3(5) VPN client NAT rule

Hi Jason,

You don't need translation for the VPN clients to access the internal LAN.

If the internal LAN is, and if the VPN pool is 192.168.1.x, you can do the following:

static (inside,outside) netmask

The problem with the above command is that the internal will not have Internet access.

Normally what you do is this:

access-list nonat permit ip

nat (inside) 0 access-list nonat

nat (inside) 1

global (outside) 1 interface

The above uses Policy NAT to bypass NAT between the internal network and the pool, and then PAT all the internal traffic to the internet.
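One way to check a saved PIX 6.3 configuration for the NAT bypass described in the reply above, as an added example that is not part of the original thread. The sample configuration, its addresses and the pool name `vpnpool` are constructed, and `check_nat_exemption` is a hypothetical helper name.

```python
import ipaddress
import re

QUAD = r"(\d+\.\d+\.\d+\.\d+)"

# Constructed sample configuration; every address and name is an assumption.
SAMPLE = """\
ip address inside 10.1.1.1 255.255.255.0
ip local pool vpnpool 192.168.1.1-192.168.1.180
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
"""


def net(addr, mask):
    """Build a network from an address and a dotted netmask."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def check_nat_exemption(config):
    """Return findings; an empty list means inside-to-pool traffic bypasses NAT."""
    inside = re.search(rf"^ip address inside {QUAD} {QUAD}", config, re.M)
    pool = re.search(rf"^ip local pool \S+ {QUAD}-{QUAD}", config, re.M)
    if not inside or not pool:
        return ["inside address or VPN pool not found"]
    inside_net = net(*inside.groups())
    first, last = (ipaddress.ip_address(a) for a in pool.groups())

    # ACLs bound to NAT ID 0 on the inside interface (the NAT bypass).
    exempt = re.findall(r"^nat \(inside\) 0 access-list (\S+)", config, re.M)
    if not exempt:
        return ["no 'nat (inside) 0 access-list' statement"]

    # Only 'permit ip <net> <mask> <net> <mask>' entries are parsed;
    # the 'host' and 'any' keyword forms are not handled.
    aces = re.findall(
        rf"^access-list (\S+) permit ip {QUAD} {QUAD} {QUAD} {QUAD}", config, re.M)
    for name, src, smask, dst, dmask in aces:
        dst_net = net(dst, dmask)
        if (name in exempt and inside_net.subnet_of(net(src, smask))
                and first in dst_net and last in dst_net):
            return []
    return ["no NAT 0 ACL entry covers inside network to the whole VPN pool"]
```

An empty result means return traffic from the inside network to the VPN pool is matched by the `nonat` access list before the PAT rule applies.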

