Here's my problem: I have a remote user that connects to my network with a PIX-to-PIX IPSec VPN (using a simple pre-shared key). This solution works great as long as he only needs to access resources on my network. If he needs to get to the corporate WAN through the router on my network (which I have no control over), the router denies his traffic because it will only route from source addresses on my network. Is there some way in the VPN setup that I can have the remote user's PIX (which also uses NAT to access the internet) NAT traffic to my network? I have looked at http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/sit2site.htm#xtocid20 and it doesn't seem to shed much light on exactly my scenario. Perhaps there's a way to bind a Global pool to an IPSec tunnel?
Because your remote user has to come through your VPN first, he can't make any NAT changes; it has to be done at your end. You could add another router on your LAN and force his traffic via that (and NAT it), but that's not very efficient. How about allocating him a small portion of your subnet for his private LAN? You can have a specific route for him (although I guess this needs placing on the router you don't control).
A PIX won't allow traffic out the same interface it came in - a remote user, making a VPN connection to the PIX's outside interface, cannot send data back out the outside interface to an IOS router to the corp. network.
He would either need to make a VPN connection to corp. network, or use terminal services/pcAnywhere to a PC on your network via the VPN, from which he could access corp. net.
It sounds like the easy fix is to talk to the person that manages the router on your network and determine if your remote VPN user's network will fit into the bigger IP scheme. If so, maybe he will allow that network to enter the WAN from your location.