Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

PIX - Nat on Destination Before Entering Tunnel IPsec

Hi all,

I have the need to offer a service to a remote client via a VPN crossing Internet. In order to avoid overlapping of private networks I need to NAT the remote client private net, but I have only control over my PIX 535 v7.0.7 (the remote device is unknown and not managed from us).

The communication is started from an internal server on my side using a pre-defined Natted Ip, so I need to translate back to real Ip prior to put traffic inside Tunnel.

I read here http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml that it is possible to use a policy-nat with static statement in order to apply NAT to Ipsec traffic, but it seems possible only for source nat.

How can I apply the same mechanism in order to nat destination? Could you indicate me some examples?

Thanks a lot

Chiara

1 REPLY
Silver

Re: PIX - Nat on Destination Before Entering Tunnel IPsec

You can use the following example to configure NAT for your network:

networkA---routerA-----routerB---networkB

networkA: 192.168.1.0/24

networkB: 192.168.1.0/24

translated networkA in routerA: 192.168.2.0/24

translated networkB in routerB: 192.168.3.0/24

routerA statements:

ip nat inside source static network 192.168.1.0 192.168.2.0 /24

ip route 192.168.3.0 255.255.255.0

routerB statements:

ip nat inside source static network 192.168.1.0 192.168.3.0 /24

ip route 192.168.2.0 255.255.255.0

149
Views
0
Helpful
1
Replies
CreatePlease to create content