
please help with translation scenario

Please help with the following scenario:

I have four users with the address range 10.x.1.1-10.x.1.4 that need access across a VPN tunnel to servers with addresses of 172.16.x.4-172.16.x.6. The tunnel will be made with a router on the client end (near side) and a PIX firewall on the server end (far side). I want to translate the 10.x.1.1-4 inside addresses to another set of addresses to hide their real IP from the remote end. I want to translate them to a 10.15.x.x range. My question is not building the tunnel, but how to best configure the PIX on the near end before going out the VPN tunnel? All traffic will be initiated from the client end. In addition to the servers having IP addresses of 172.16.x.4-6, they also listen on another set of 172.162.x.x addresses via SSL. How do I best set that up to allow the clients to access both sets of server addresses? Do I need two sets of translations?


Re: please help with translation scenario

This is going to be tricky to implement. Usually, we configure NAT 0 for all LAN-to-LAN IPSec encrypted traffic. The conduits are then specified using the actual addresses. I guess you will need to have a close look at the document 'NAT Order of Operation' at This will help you figure out what addresses to specify in the conduit statements.
