The issue is that we are trying to establish a site-to-site VPN between the local PIX and another PIX on the Internet; in this IPSec tunnel we have to put services for LAN1 and LAN2.
But because of the address we use in LAN2 (public IP address), the other end of the tunnel requests that we use NAT to establish the IPSec tunnel. The problem began when we detected that the PIX already had NAT configured to go out to the Internet.
My question is: is there any possibility to configure 2 NATs in the PIX, where 1 NAT is used for the Internet and the second one is used only when LAN1 and LAN2 try to establish an IPSec tunnel?
We can't use NAT 0 (exclude Internet NAT 1, because we need NAT 2 to reach the VPN tunnel).
You can configure multiple NATs with the PIX - use multiple nat statements with associated global statements, but you cannot have multiple *overlapping* NATs - I don't think there is a way to have 10.10.10.0/24 get NATted to 184.108.40.206 for certain netblocks, and to 220.127.116.11 for others.
That said, you almost *always* need nat 0 for IPSec tunnels. NAT breaks a ton of protocols used intra-LAN (MS Windows networking, etc.).
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: