Cisco Support Community
Hall of Fame Super Blue

Pix NAT/PAT destination

I have a PIX 506 (ver 6.3) running PAT for internet access. I now need to create a VPN to a third party and need to NAT the source IP addresses. Is it possible to have a separate NAT pool that is only used when the destination is the third-party network (which is using private addressing)? Basically, NAT based on destination IP address.

Alternatively, the third party have a VPN 3k. Can they NAT my source IPs when the packets are decrypted at their end, before passing them on to the final destination, with a LAN-to-LAN NAT rule? I'm sure I read somewhere that although a static mapping on the LAN-to-LAN NAT rule suggests this can be done, it won't work.

Many thanks in advance

Jon

Accepted Solutions
Bronze

Re: Pix NAT/PAT destination

You want "Policy NAT", which is described in the PIX 6.3 docs here:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/bafwcfg.htm#1113601

The VPN 3000 can't do NAT in that direction, so doing it in the PIX is your better (only) option.

HTH - Good luck!

New Member

Re: Pix NAT/PAT destination

Ran into the same thing here. Version 6.3(3) (which is new!) has a new feature called policy NAT - which will do exactly what you want it to do.

Go to:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/bafwcfg.htm

FYI - if you use PDM - you can't configure policy NAT via PDM 3.0(1) - unsupported. And if you configure policy NAT from CLI - you will lose capability to use PDM to configure. I'm trying to find out if there is a newer version of PDM that supports this.

Hope that helps.
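A sketch of the policy NAT setup the answers above point to, as an added example that is not part of the original thread or of Cisco's documentation. All addresses, ACL names and the crypto map name are assumptions: inside LAN 192.168.1.0/24, third-party network 10.20.0.0/16, and 172.16.50.0/24 as the range agreed with the third party for the translated sources. The rest of the crypto map (peer, transform set) is left out.

```cisco
: Constructed example for PIX 6.3 policy NAT; every address and name is assumed.

: 1. Match inside hosts only when the destination is the third-party network.
:    An ACL used for policy NAT takes permit entries only.
access-list POLICY_NAT_3P permit ip 192.168.1.0 255.255.255.0 10.20.0.0 255.255.0.0

: 2. Bind that ACL to its own NAT ID and give that ID a dedicated pool.
nat (inside) 2 access-list POLICY_NAT_3P
global (outside) 2 172.16.50.1-172.16.50.254 netmask 255.255.255.0

: 3. The existing internet PAT stays as it is, for every other destination.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

: 4. The PIX translates before it encrypts, so the crypto ACL has to match
:    the translated source range, not the real inside addresses.
access-list VPN_3P permit ip 172.16.50.0 255.255.255.0 10.20.0.0 255.255.0.0
crypto map THIRDPARTY 10 match address VPN_3P
```

After sending traffic to both the third-party network and an internet host, `show xlate` lists the global address each inside host was given, which confirms that only the VPN-bound flows use the dedicated pool.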


Hall of Fame Super Blue

Re: Pix NAT/PAT destination

Thanks for that. It did the trick fine.

