Cisco Support Community
New Member

How to do Nat between two PIX firewall VPN.same network on both sides?

Hi,

I have two different sites with same network on both sides. I want to establish VPN tunnel between these two sites. I don't want to change the IP addresses in my network. I want to do NAT on PIX for the users on one site. How is this possible?

3 REPLIES
New Member

Re: How to do Nat between two PIX firewall VPN.same network on b

New Member

Re: How to do Nat between two PIX firewall VPN.same network on b

Thanks a lot Naveen. The URL you have provided is perfect.

pau
New Member

Re: How to do Nat between two PIX firewall VPN.same network on b

Hello,

Have been trying for months to get VPN Client 3.x to connect to 3620, following http://www.cisco.com/warp/public/471/ios-unity.html almost exactly. Authentication seems to go fine, just can't ping anything on the router side.

Any advice/suggestions really appreciated. Using 12.2(8) T8

version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname AcceNet3620
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
enable secret xxxxx
enable password xxx
!
username xxx password 0 xxx
ip subnet-zero
!
!
ip domain-name AcceNet.com
ip name-server 4.2.2.2
ip name-server 4.2.2.1
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group 3000client
 key xxx
 dns 192.168.168.2
 wins 192.168.168.2
 domain AcceNet.com
 pool ippool
 acl 108
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
!
!
!
!
fax interface-type fax-mail
mta receive maximum-recipients 0
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.168.8 255.255.255.0
 ip nat inside
 no ip mroute-cache
 duplex auto
 speed auto
!
interface Ethernet1/0
 no ip address
 half-duplex
!
interface Ethernet1/1
 ip address 216.59.x.x 255.255.255.240
 ip nat outside
 half-duplex
 crypto map clientmap
!
ip local pool ippool 192.168.10.10 192.168.10.20
ip nat inside source list 10 interface Ethernet1/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 216.59.145.113
ip route 192.168.10.0 255.255.255.0 216.59.145.113
no ip http server
ip pim bidir-enable
!
!
access-list 10 permit 192.168.168.0 0.0.0.255
access-list 107 permit esp any any
access-list 107 permit udp any any eq isakmp
access-list 107 permit tcp any any eq 22
access-list 107 permit tcp any any eq www
access-list 108 permit ip 192.168.168.0 0.0.0.255 192.168.10.0 0.0.0.255
!
