Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

PIX site-to-site to specific host, and nat traffic from peers


I've successfully configured remote access (vpn client) and a site to site vpn for a client. The site to site comes up, and traffic to an internal host (mainframe) is initiated. The problem is that the mainframe has the wrong routes, and client does not want to "drop" IP at this time.

The mainframe is configured to route to extra subnets I created for local pools that the vpn clients utilize. I would like to NAT incoming traffic from the site to site peer to one of these subnets (not currently utilized by an address pool). I don't think bi-directional NAT is needed, as the mainframe is behind another router, and on very different subnets than the peer uses. Traffic from this peer should only be able to access the mainframe, just as the vpn clients do. Thank you for your assistance.

New Member

Re: PIX site-to-site to specific host, and nat traffic from peer

Just a little clarification on the above:


peer internal=

our PIX internal=

subnet I wish to NAT peer internal to=

The mainframe and internal routers are already configured to access The site to site VPN is currently working, but the mainframe cannot get back to the peer. This is why I would like to NAT their (the peer) traffic to the subnet. The vpn clients, who obtain their IP addresses from a pool consisting of IP addresses, are able to access the mainframe. The subnet was added to the routers and the mainframe, but never utilized. Any help is greatly appreciated.

CreatePlease to create content