Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT's problem

Hi,

I apoligize for my bad english!!

I must do a complex VPN between two pix where I am oblige to do NAT. However I have a problem with the NAT. In fact I want to relocate my subnet towards a virtual network. I will do it with this commands :

Global (outside) 20 20.0.1.0

Nat (inside) 20 access-list 120

with access-list 102 permit ip 10.0.1.0 255.255.255.0 20.0.1.0 255.255.255.0

But the pix don't want this commands because with an access-list, it accept only nat 0

I like to know how I can circumvent this problem

Thank you in advance,

Paul Martiny

2 REPLIES
Bronze

Re: NAT's problem

The NAT command allows you to specify an access-list only if NAT 0 is used. It seems that you want packets destined only to 20.0.1.0/24 to be natted. To achieve that, what you could try is to deploy access-lists on the outermost router so that it will allow only packets from network 10.0.1.0/24 and destined for 20.0.1.0/24 to reach the PIX. These could then be natted by the PIX.

New Member

Re: NAT's problem

Thank you very much. It's good idea but i must realize this only with one pix.

Paul Martiny

91
Views
0
Helpful
2
Replies
CreatePlease login to create content