Can you give me a little bit more information.

I checked policy NAT example on Cisco webpage but I don't see how will it solve my problem. :-(

TIA.

Ruzsi

Hi,

I solved my problem (it seems good with one IP translate now and I'll extend for the whole IP subnet what we use):

access-list acl_out remark Default rule - From Internet to Linux_ssh_server SSH port

access-list acl_out permit tcp OUTSIDE_VPN_Inet 255.255.255.240 interface outside eq ssh log

global (outside) 1 interface

nat (inside) 0 access-list inside_outbound_nat0_acl

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) tcp interface ssh ssh netmask 255.255.255.255 0 0

static (outside,inside) netmask 255.255.255.255 0 0

access-group acl_out in interface outside

access-group acl_in in interface inside

and proxyarp is switched on!

What's your opinion?

TIA,

Ruzsi