Community Member

pix nat with tunnel

Hi All,

I have posted a couple of times on this already, but still can't quite get my head around it, as I seem to be getting more confused.

All I need to do / know: suppose we have a VPN tunnel working perfectly on a pix506, NAT is also being performed well, and our "hostA" can connect to their "server A".

But now we have to make "host B" connect to "server B". It's not important that we go through the VPN tunnel to make them talk to each other; I mean, without the VPN tunnel I can ping "server b" from the PIX, and that's why I suppose it would not be wise to go through the VPN tunnel for this.

Anyway, how do I do that? Check the diagram.

3 REPLIES
Community Member

Re: pix nat with tunnel

Hi kasame,

So if I understand you right, you would like to get connectivity between Host-B and server-B without passing through the tunnel at all?

If that is true, you need to have a static NAT configured for server-B on the partner firewall to a public IP address. You also need to have some sort of translation for host-B on the PIX firewall as well (if PAT is configured, that will do fine).

Regards,

Shadi

Community Member

Re: pix nat with tunnel

Thanks Shadi,

But what if I want to pass through the tunnel? What should I do?

Community Member

Re: pix nat with tunnel

Hi,

To do that you need to add the server-B network to the VPN access-list (on both firewalls). That will make the access-list on the PIX look something like this:

permit ip 172.20.2.0 255.255.255.0 10.10.10.0 255.255.255.0 (old line)

permit ip 172.20.2.0 255.255.255.0 1.1.1.0 255.255.255.0 (added new line)

Remember that you also need to mirror this access list on the other side to get the tunnel passing both networks.

Regards,

Shadi
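The mirroring requirement in the reply above can be checked mechanically before the change is applied. The following is an added example, not part of the original thread: it compares the VPN access-list entries of both firewalls and lists the lines each side is missing. The partner-side list is constructed for illustration, and only the `permit ip <net> <mask> <net> <mask>` form shown in the thread is handled.

```python
import ipaddress

def parse_entry(line):
    """Parse 'permit ip <src> <mask> <dst> <mask>' into (src_net, dst_net)."""
    tokens = line.split()
    # Tolerate an optional 'access-list <name>' prefix and trailing remarks.
    if tokens and tokens[0] == "access-list":
        tokens = tokens[2:]
    if len(tokens) < 6 or tokens[:2] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACL entry: {line!r}")
    src = ipaddress.ip_network(f"{tokens[2]}/{tokens[3]}")
    dst = ipaddress.ip_network(f"{tokens[4]}/{tokens[5]}")
    return src, dst

def to_line(src, dst):
    """Render a (src, dst) pair back into PIX 'permit ip' syntax."""
    return (f"permit ip {src.network_address} {src.netmask} "
            f"{dst.network_address} {dst.netmask}")

def missing_mirrors(local_lines, remote_lines):
    """Return (add_local, add_remote): lines each side needs so that
    every entry on one firewall has its source/destination swapped twin
    on the other."""
    local = {parse_entry(l) for l in local_lines}
    remote = {parse_entry(l) for l in remote_lines}
    add_remote = sorted(to_line(d, s) for s, d in local if (d, s) not in remote)
    add_local = sorted(to_line(d, s) for s, d in remote if (d, s) not in local)
    return add_local, add_remote

# PIX side: the two lines quoted in the reply.
PIX_ACL = [
    "permit ip 172.20.2.0 255.255.255.0 10.10.10.0 255.255.255.0",
    "permit ip 172.20.2.0 255.255.255.0 1.1.1.0 255.255.255.0",
]
# Partner side: constructed sample that still has only the old mirror line.
PARTNER_ACL = [
    "permit ip 10.10.10.0 255.255.255.0 172.20.2.0 255.255.255.0",
]

if __name__ == "__main__":
    add_local, add_remote = missing_mirrors(PIX_ACL, PARTNER_ACL)
    for line in add_local:
        print("add on PIX:    ", line)
    for line in add_remote:
        print("add on partner:", line)
```
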
