Cisco Support Community

New Member

NATing traffic into a VPN tunnel in PIX

Hi

I was asked to set up a VPN tunnel with a partner. The partner on the other side insists that the traffic coming from my side originate from a specific subnet (that he has given me, private IPs) which is not the same subnet that I use. So to achieve this I want to NAT traffic going into that tunnel. Is this possible? How?

2 REPLIES
New Member

Re: NATing traffic into a VPN tunnel in PIX

Paolo,

Use static with an access list. For example:

access-list acl_static permit ip host your_host_inside_ip host destination_host

static (inside,outside) your_outside_ip_for_vpn access-list acl_static

You have to have one static for each internal host that needs to communicate over the VPN. You cannot use subnets in the ACLs, and you cannot use the nat command.

Hope this helps.

Regards,

Sasa

Silver

Re: NATing traffic into a VPN tunnel in PIX

It's also important to remember that NAT happens before the crypto map, so your ACL for your VPN traffic should match based on the NAT address.

So if you are hiding 10.10.10.10 behind 1.1.1.10 and connecting to your vendor who uses 2.2.2.x, your crypto ACL should be something like:

access-list outside_cryptomap line 1 extended permit ip host 1.1.1.10 2.2.2.0 255.255.255.0

-Eric

Please remember to rate all helpful posts.
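Putting the two replies together, here is a complete configuration fragment that shows Sasa's per-host policy static alongside Eric's crypto ACL written against the translated address. This is an added example, not configuration posted by either reply or by Cisco: it assumes PIX 7.x syntax (the "extended" keyword Eric uses), reuses the addresses from Eric's illustration (10.10.10.10 inside, 1.1.1.10 as the address the partner expects, 2.2.2.0/24 as the partner network), adds a second inside host 10.10.10.11/1.1.1.11 to show that each host gets its own static, and uses 203.0.113.1 as a placeholder peer address. The ISAKMP policy, tunnel-group and pre-shared key are assumed to be configured elsewhere.

```cisco
! Added example (not from the thread). PIX 7.x syntax assumed.
! Inside hosts 10.10.10.10 and 10.10.10.11 must appear to the partner as
! 1.1.1.10 and 1.1.1.11 (addresses the partner assigned), but only for
! traffic to the partner network 2.2.2.0/24. All addresses are constructed.

! Policy NAT: one access-list and one static per inside host.
! The static fires only when the destination is the partner subnet, so
! the same hosts keep their normal translation for everything else.
access-list acl_static_h10 extended permit ip host 10.10.10.10 2.2.2.0 255.255.255.0
static (inside,outside) 1.1.1.10 access-list acl_static_h10

access-list acl_static_h11 extended permit ip host 10.10.10.11 2.2.2.0 255.255.255.0
static (inside,outside) 1.1.1.11 access-list acl_static_h11

! Crypto ACL: NAT runs before the crypto map is consulted, so the
! interesting-traffic ACL must match the translated 1.1.1.x addresses.
! An entry written with host 10.10.10.10 here would never match and the
! tunnel would not come up for that host.
access-list outside_cryptomap extended permit ip host 1.1.1.10 2.2.2.0 255.255.255.0
access-list outside_cryptomap extended permit ip host 1.1.1.11 2.2.2.0 255.255.255.0

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 10 match address outside_cryptomap
crypto map outside_map 10 set peer 203.0.113.1
crypto map outside_map 10 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside

! Checks after a test connection from 10.10.10.10 to a 2.2.2.x host:
!   show xlate            -> expect an entry mapping 10.10.10.10 to 1.1.1.10
!   show crypto ipsec sa  -> expect the SA with local ident 1.1.1.10/255.255.255.255
!                            and remote ident 2.2.2.0/255.255.255.0, with
!                            encaps/decaps counters increasing
```

The partner's crypto ACL must be the mirror image (2.2.2.0/24 to host 1.1.1.10 and host 1.1.1.11), otherwise the proxy identities will not agree during phase 2 negotiation even though the translation itself is working.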

109 Views | 0 Helpful | 2 Replies