Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Nat/Pat vpn addresses from inside to outside


Please someone help me this is very urgent,i configured my pix to accept l2tp connection from inside and outside.

l2tp and ipsec are working fine.

I've configured pool addresses from invalid ip ranges (different from outside) like here

outside range is

inside range is

pool range is

so i want the vpn users use internet so i should nat the pool range to outside ip addresses or pat please someone help me.

Also here is my nat issue :

Nat (inside) 1

Global (outside) 1 netmask


Best Regards Bahman mozaffari.


Re: Nat/Pat vpn addresses from inside to outside

The nat-control command on the PIX specifies that all traffic through the firewall must have a specific translation entry (nat statement with a matching global, or a static statement) for that traffic to pass through the firewall. The nat-control command ensures that the translation behavior is the same as PIX Firewall versions earlier than 7.0. The default configuration of PIX 7.0 is the specification of the no nat-control command. With PIX Firewall version 7.0, you can change this behavior when you issue the nat-control command.

With nat-control disabled, the PIX forwards packets from a higher-security interface to a lower one without a specific translation entry in the configuration. In order to pass traffic from a lower security interface to a higher one, use access-lists to permit the traffic. The PIX then forwards the traffic. This document focuses on the PIX firewall behavior with nat-control enabled.

CreatePlease to create content