04-01-2003 11:04 PM - edited 03-09-2019 02:44 AM
Hi,
I apologize for my bad English!!
I must do a complex VPN between two PIX where I am obliged to do NAT. However, I have a problem with the NAT. In fact, I want to relocate my subnet towards a virtual network. I will do it with these commands:
Global (outside) 20 20.0.1.0
Nat (inside) 20 access-list 120
with access-list 102 permit ip 10.0.1.0 255.255.255.0 20.0.1.0 255.255.255.0
But the PIX doesn't want these commands because, with an access-list, it accepts only nat 0.
I would like to know how I can circumvent this problem.
Thank you in advance,
Paul Martiny
04-07-2003 11:57 AM
The NAT command allows you to specify an access-list only if NAT 0 is used. It seems that you want packets destined only to 20.0.1.0/24 to be natted. To achieve that, what you could try is to deploy access-lists on the outermost router so that it will allow only packets from network 10.0.1.0/24 and destined for 20.0.1.0/24 to reach the PIX. These could then be natted by the PIX.
04-07-2003 10:48 PM
Thank you very much. It's a good idea, but I must realize this with only one PIX.
Paul Martiny