Cisco Support Community

PIX Lan-2-Lan with Nat

Recently, we have been trying to set up an L2L connection to a vendor. We are in the 192.168.1.0 network but the vendor is in the 10.10.100.0 subnet. Because the vendor doesn't want to route my 192.168.1.0 network in their network, they want us to translate our subnet (192.168.1.0) to 10.10.11.0/24 before sending it into the tunnel. We have a PIX dedicated to this vendor with two interfaces (inside and outside), and it is running PIX 6.3(4) code. I've set up LAN-to-LAN VPNs on PIX before, but I always see a command line NAT 0 which disables NAT.

What do I need to do to accomplish this (enable NAT in L2L VPN) on my PIX?

Local subnet: 192.168.1.0/24 -> needs to translate to 10.10.11.0

Issue: Vendor wants us to translate our subnet (192.168.1.0) to 10.10.11.0/24 before sending into tunnel.

Remote Subnet: 10.10.100.0/24

1 REPLY

Re: PIX Lan-2-Lan with Nat

access-list L2L_NAT permit ip 192.168.1.0 255.255.255.0 10.10.100.0 255.255.255.0

nat (inside) 5 access-list L2L_NAT

global (outside) 5 10.10.11.1-10.10.11.254

Your crypto map ACL will look like the above ACL also.

Keep in mind, the remote side will not be able to reliably initiate connections to your side because of the dynamic NAT situation this creates.

Is this an issue for you?
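
The caveat in the reply about remote-initiated connections, modelled as an added example (not part of the original thread, and not PIX code). It uses the subnet and pool range from the posts; the class, the function names and the first-come-first-served allocation order are assumptions of this simplified model.

```python
import ipaddress

# Values from the thread: local subnet and the global (outside) 5 range.
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")
POOL_FIRST = ipaddress.ip_address("10.10.11.1")
POOL_LAST = ipaddress.ip_address("10.10.11.254")

class DynamicPool:
    """Simplified model (an assumption, not PIX internals): first come, first served."""

    def __init__(self):
        size = int(POOL_LAST) - int(POOL_FIRST) + 1
        self.free = [POOL_FIRST + i for i in range(size)]
        self.xlate = {}  # inside address -> mapped address

    def outbound(self, inside):
        """Inside host sends traffic matching the NAT ACL; allocate on first use."""
        inside = ipaddress.ip_address(inside)
        if inside not in INSIDE_NET:
            raise ValueError(f"{inside} is not matched by the NAT ACL")
        if inside not in self.xlate:
            if not self.free:
                raise RuntimeError("pool exhausted")
            self.xlate[inside] = self.free.pop(0)
        return self.xlate[inside]

    def inbound(self, mapped):
        """Remote side connects to a mapped address; None means no translation exists."""
        mapped = ipaddress.ip_address(mapped)
        return next((i for i, m in self.xlate.items() if m == mapped), None)

    def expire(self, inside):
        """Idle translation times out; its address returns to the back of the pool."""
        self.free.append(self.xlate.pop(ipaddress.ip_address(inside)))

def demo():
    pool, r = DynamicPool(), {}
    r["before"] = pool.inbound("10.10.11.1")    # nobody inside has initiated yet
    r["first"] = pool.outbound("192.168.1.50")  # first talker gets the first address
    r["second"] = pool.outbound("192.168.1.10")
    r["reach"] = pool.inbound("10.10.11.1")     # works only while the xlate exists
    pool.expire("192.168.1.50")
    r["stale"] = pool.inbound("10.10.11.1")     # same target, now unreachable
    r["again"] = pool.outbound("192.168.1.50")  # host comes back on a new address
    return r

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:7} {value}")
```

In this model the vendor can reach an inside host only while that host holds a translation, and the mapped address it holds depends on the order in which hosts first sent traffic.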
