Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

NATing JUST for TUNNEL

Hi. Interesting request... A client has private network 10.1.1.x, we have 192.168.x.x. They have Netscreen[barf] and we have a 515. They are requesting that in creating the tunnel, all our 192 addresses get xlated to 20.20.20.x in order to be allowed into their private space. IS this possible on a PIX? THANKS!!!

4 REPLIES
New Member

Re: NATing JUST for TUNNEL

Hi,

Yes, this is possible, all you need is a NAT with access-list matching the traffic going to their private space.

Cheers,

Naveen B

New Member

Re: NATing JUST for TUNNEL

Thank you so much for getting back to me!!! I hate to ask but where do I put this? Once access list from the REAL private to THEIR real private and then ][somehow] a NAT statement referencing the access-list? I'm sorry for the newbie question. :(

New Member

Re: NATing JUST for TUNNEL

global (outside) 1 20.20.20.1-20.20.20.254 netmask 255.255.255.0

access-list vpn permit ip 192.168.X.X 255.255.0.0 10.10.10.X 255.255.255.0

nat (inside) 1 access-list vpn

New Member

Re: NATing JUST for TUNNEL

You Rock! Thanks!!!

95
Views
5
Helpful
4
Replies
CreatePlease to create content