Cisco Support Community

PIX 506 VPN/NAT Overload

We have a remote office that is connected to the ISP provider with a single public IP address. How would you set up the PIX to use the single IP address for the VPN tunnel/(internet connection for local users)? I have heard mention of problems with this setup. Has anyone else heard these concerns or know how to implement this?

1 REPLY

Re: PIX 506 VPN/NAT Overload

Let's say your outside IP is 64.1.1.1 and your internal subnet is 1.1.1.1, and you have a LAN-to-LAN with a network of 2.1.1.1, and you're giving out a pool of IPs for your remote access clients of 3.1.1.0 (not sure if you were doing this). For basic internet you would use

global (outside) 1 interface

nat (inside) 1 1.1.1.1

Then make an access list to bypass NAT for tunnel traffic:

access-list nonat permit ip 1.1.1.0 255.255.255.0 2.1.1.0 255.255.255.0

access-list nonat permit ip 1.1.1.0 255.255.255.0 3.1.1.0 255.255.255.0

Then type this:

nat (inside) 0 access-list nonat
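
The behaviour the reply relies on, as an added Python example that is not part of the original post: on the PIX, a `nat 0 access-list` match exempts traffic from translation before the `nat 1`/`global` pair is considered, so tunnel traffic keeps its inside address while internet traffic is overloaded onto the single outside IP. The sample config is constructed from the reply's addresses, the `nat 1` line is written with an explicit /24 network and mask (an assumption), and `classify` is a hypothetical helper that models only these statement forms.

```python
import ipaddress

# Constructed sample config using the reply's example addresses. The nat 1 line
# is written with an explicit /24 network and mask (an assumption).
CONFIG = """\
global (outside) 1 interface
nat (inside) 1 1.1.1.0 255.255.255.0
access-list nonat permit ip 1.1.1.0 255.255.255.0 2.1.1.0 255.255.255.0
access-list nonat permit ip 1.1.1.0 255.255.255.0 3.1.1.0 255.255.255.0
nat (inside) 0 access-list nonat
"""

def net(addr, mask):
    """Build a network from the address/netmask pair used in PIX statements."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(config):
    """Return (exemption ACL entries, networks covered by the nat 1 rule)."""
    acls, exempt_acl, pat_nets = {}, None, []
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"] and len(t) == 8:
            acls.setdefault(t[1], []).append((net(t[4], t[5]), net(t[6], t[7])))
        elif t[:2] == ["nat", "(inside)"] and t[2:4] == ["0", "access-list"]:
            exempt_acl = t[4]
        elif t[:2] == ["nat", "(inside)"] and len(t) == 5:
            pat_nets.append(net(t[3], t[4]))
    return acls.get(exempt_acl, []), pat_nets

def classify(config, src, dst):
    """Say how an inside-to-outside flow would be treated by the NAT rules."""
    exempt, pat_nets = parse(config)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # NAT exemption (nat 0 access-list) is checked before the nat 1/global pair.
    if any(s in a and d in b for a, b in exempt):
        return "exempt"               # goes into the tunnel untranslated
    if any(s in n for n in pat_nets):
        return "pat"                  # overloaded onto the outside interface IP
    return "no-translation-rule"

if __name__ == "__main__":
    for dst in ("2.1.1.5", "3.1.1.7", "8.8.8.8"):
        print(f"1.1.1.10 -> {dst}: {classify(CONFIG, '1.1.1.10', dst)}")
```

Running the same check against a config with the `nonat` lines removed classifies the tunnel destinations as `pat`, which is the case the bypass access list exists to prevent.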
