PIX 515E 6.3(5) VPN client NAT rule

Hi,

I'm very new to PIX, and here is my simple problem:

I have created a VPN client pool from the same range as the internal IP range, for example 10.0.0.0/24 with a client VPN pool of 10.0.0.150 - 180. For this I have created a translation rule:

static (inside,outside) 10.0.0.0 10.0.0.0 netmask 255.255.255.0 0 0

This worked fine, but now I don't want a pool from the same network as the inside.

Now I have created a different IP pool, 192.168.1.150 - 180. But now I don't know what the translation rule looks like?

Is this right?:

static (inside,outside) 10.0.0.0 192.168.1.0 netmask 255.255.255.0 0 0

I only want the clients from outside to be able to connect to the internal network.

Hope someone could help.

1 REPLY

Re: PIX 515E 6.3(5) VPN client NAT rule

Hi Jason,

You don't need translation for the VPN clients to access the internal LAN.

If the internal LAN is 10.0.0.0/24, and the VPN pool is 192.168.1.x, you can do the following:

static (inside,outside) 10.0.0.0 10.0.0.0 netmask 255.255.255.0

The problem with the above command is that the internal 10.0.0.0/24 will not have Internet access.

Normally what you do is this:

access-list nonat permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0

nat (inside) 0 access-list nonat

nat (inside) 1 10.0.0.0 255.255.255.0

global (outside) 1 interface

The above uses Policy NAT to bypass NAT between the internal network and the pool, and then PAT all the internal traffic to the internet.

Federico.
