ovt Bronze

6.3(3) Policy NAT and overlapping networks design issue

Hi!

Will it be possible in 6.3(3) to do PAT for Internet traffic and static NAT for VPN traffic simultaneously? The latter is needed when two sites have overlapping networks. Dynamic PAT for VPN traffic doesn't solve the problem, as it doesn't allow connections to be initiated from remote sites.

I think that in order to support simultaneous NAT and PAT from the same inside host, PIX should create so-called extended translations (the key to the table is Src+Dest, rather than just Src) from the static. IOS routers can do this. Will it be implemented for PIX? I saw posts that say "no" for 6.3(2): simultaneous NAT and PAT doesn't work.

Oleg Tipisov,

REDCENTER,

Moscow

1 REPLY
New Member

Re: 6.3(3) Policy NAT and overlapping networks design issue

Hi Oleg,

AFAIK, it should be possible. You can now do:

nat (inside) access-list

and

static (inside, outside) access-list

Statics are always honoured before nat/globals, so in theory, so long as the static uses an access-list that specifies the other end of the tunnel(s), you should be on your way. In reality, you shouldn't even need to use the access-list on your nat/global entry.

HTH,

S
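
The arrangement the reply describes, written out as an added example that is not part of either post: a policy static for traffic to the remote site, with ordinary PAT for everything else. All addresses and ACL names are constructed, and the remote peer is assumed to translate its own overlapping LAN to 192.168.102.0/24.

```cisco
: Constructed addressing (assumptions, not from the thread):
:   local inside LAN                      10.1.1.0/24 (overlaps the remote LAN)
:   local LAN as presented to the remote  192.168.101.0/24
:   remote LAN as seen from this site     192.168.102.0/24 (translated by the remote peer)

: Policy static: translate the inside LAN 1:1 only when the destination
: is the remote site. Because this is a static, the remote site can also
: initiate connections to 192.168.101.x.
access-list VPN-NAT permit ip 10.1.1.0 255.255.255.0 192.168.102.0 255.255.255.0
static (inside,outside) 192.168.101.0 access-list VPN-NAT

: All other traffic from the inside LAN is PATed to the outside interface address.
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 interface

: The crypto ACL matches the translated addresses, since NAT is applied
: before the IPsec match.
access-list VPN-CRYPTO permit ip 192.168.101.0 255.255.255.0 192.168.102.0 255.255.255.0
```

After sending test traffic in both directions, `show xlate` shows which translation each flow actually received.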
