After Tunnel Ends, Need to NAT and Forward Packets
This is my second post; I desperately need to know whether or not what I'm attempting is even possible.
I have a PIX into which both remote access and site-to-site tunnel sessions terminate (via RAN and Outside interfaces).
Users are currently able to access resources directly connected to the PIX (e.g. servers in the DMZ).
I now want to give said users access to a remote office. For this, I want to forward packets out another interface (call it RAN2) to an IPSEC router that starts a new tunnel across the internet.
The trick is, I want to overload NAT (PAT) all forwarded packets so their source address becomes RAN2's address. This would simplify the crypto ACL on the IPSEC router (and its remote peer), as we wouldn't have to contend with multiple addresses (ip local pools, private LAN addresses from the PIX).
I'm challenged on how to configure the NAT global pair in the PIX to effect the NAT. E.g. the following doesn't work:
nat (ran) 5 pool_subnet 255.255.255.0
nat (outside) 5 pool2_subnet 255.255.0 //the pix coughs at this
global (ran2) 5 interface //I've tried with actual IP address as well.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...