Hello, I've been having this issue for quite a few days now.
I have a Cisco PIX 6.3.3, which currently has a VPN tunnel to another PIX. I have quite a few local networks behind my PIX, let's say, for example, 10.76.1.0/24.
The people on the other side of the tunnel only want to see the network 10.54.1.0/24, so I have NAT configured to translate the traffic that goes into the tunnel. I've used policy NAT (nat with an ACL).
The thing is that when a server on the local network accesses the VPN first, it never NATs again. I mean, it keeps the translated IP (10.54.1.1, for example) but does not get NATed to the outside interface address to access the Internet.
Here's a glimpse of the configuration:
  global (outside) 14 10.54.1.0 netmask 255.255.255.0
  global (outside) 1 interface
Instead of using nat/global for both translations (unless you want to PAT your traffic), you should use static for the VPN translation. As you only have a /24 network on your inside, you should restrict your VPN ACL to match specific traffic.
Try changing your configuration so it looks like this:
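The following is an added illustration of the static policy NAT approach the answer recommends; it is not the original poster's or the answerer's configuration. A dynamic nat/global translation is built per source host when its first connection matches the policy ACL and is then reused for that host's later connections until the xlate times out, which is the behaviour described in the question. A static policy translation is matched per connection against its ACL, so it only applies to traffic that is really bound for the peer. The remote network behind the peer PIX (192.168.100.0/24), the interface names and the ACL names are assumptions, since the thread does not state them.

```text
! Added example (PIX 6.3 syntax), not configuration from the thread.
! Assumptions: inside interface is "inside", outside is "outside",
! the network behind the peer PIX is 192.168.100.0/24.

! 1. Only 10.76.1.0/24 -> remote site should appear as 10.54.1.0/24.
access-list VPN_NAT permit ip 10.76.1.0 255.255.255.0 192.168.100.0 255.255.255.0

! 2. Static policy NAT for the tunnel. The mapped network is 10.54.1.0/24,
!    the real network and mask come from the ACL source. Statics are
!    evaluated before nat/global and per connection, so a host that has just
!    talked across the tunnel does not keep a 10.54.1.x xlate for the Internet.
static (inside,outside) 10.54.1.0 access-list VPN_NAT

! 3. Everything else from the inside is PATed to the outside interface address.
nat (inside) 1 10.76.1.0 255.255.255.0
global (outside) 1 interface

! 4. NAT is applied before the crypto map is consulted, so the crypto ACL
!    must match the translated addresses, not 10.76.1.0/24.
access-list VPN_CRYPTO permit ip 10.54.1.0 255.255.255.0 192.168.100.0 255.255.255.0

! 5. Existing dynamic xlates are reused until they time out; clear the one
!    for a test host, then confirm the new behaviour.
clear xlate local 10.76.1.1
show xlate
```

Note that `clear xlate` without arguments drops every translation (and the connections riding on them) on the PIX, so use the `local` form for a single host or schedule the full clear for a maintenance window. After the change, `show xlate` should show a 10.54.1.x entry for a host only while it has connections to the remote site, and Internet connections from the same host should appear as PAT to the outside interface address.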