Cisco Support Community
Community Member

Configuration possible with 3020 and PIX501?

I'm trying to setup a VPN configuration with a company that has a 3020 Concentrator and we have a PIX501.

We currently use PAT for all communications with the outside world (except with a few servers that have their own dedicated IPs, which we NAT). When traveling over the VPN tunnel to the 3020, I'd like our hosts to NAT to an address range that is internal to the remote network (they've requested this). Is it possible to set this up?



Re: Configuration possible with 3020 and PIX501?

I don't know if that would work or not. On both sides your source and destination networks for the VPN would be the same then, and you might get some undesirable results.

You could NAT your network to some other network though that they weren't using on their side, and that wouldn't be a problem. To do this, you would create some sort of policy nat statement using an ACL. Then for your crypto ACL, you just match on traffic from the nat'ed (global) address space.

Community Member

Re: Configuration possible with 3020 and PIX501?

Could you provide an example? I'm having difficulty figuring out how to tell the PIX when to use the NAT and when to use the PAT for the hosts that will be accessing the VPN tunnel.

CreatePlease to create content