01-06-2006 01:27 AM - edited 02-21-2020 12:37 AM
Hi,
Im trying to find a solution for the following:
we are running a Pix 506e.
Users connect from the outside to it using pptp vpn.
From the inside users are using cisco vpn-client to a cisco vpn concentrator. Can i let the pix make this connection.
I tried setting up easyvpn but it tells me i need to remote "nat 0 "
If i do this my internet doesn't work anymore.
I am confused..
Any help is appriciated
Marco
01-06-2006 02:09 AM
Hi
you can define 2 NAT statements leaving the VPN traffic remain the same (unnated) and the other traffic to get natted..
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-list 101 permit ip 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0
Where 1.1.1.0/24 is ur local inside address space and 2.2.2.0/24 which u use as a pool for the vpn clients..
regds
01-09-2006 04:54 AM
Hi,
thanks for your reply. But thats allready in my config. Following is the exact message when i try to enable the easyvpn:
[ERR]vpnclient enable
* Remove "nat (inside) 0 inside_outbound_nat0_acl"
CONFIG CLASH: Configuration that would prevent successful PIX Easy VPN Remote
operation has been detected, and is listed above. Please resolve the
above configuration clashes and re-enable.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: