PIX site-to-site to specific host, and nat traffic from peers
I've successfully configured remote access (VPN client) and a site-to-site VPN for a client. The site-to-site comes up, and traffic to an internal host (mainframe) is initiated. The problem is that the mainframe has the wrong routes, and the client does not want to "drop" IP at this time.
The mainframe is configured to route to extra subnets I created for local pools that the VPN clients utilize. I would like to NAT incoming traffic from the site-to-site peer to one of these subnets (not currently utilized by an address pool). I don't think bi-directional NAT is needed, as the mainframe is behind another router, and on very different subnets than the peer uses. Traffic from this peer should only be able to access the mainframe, just as the VPN clients do. Thank you for your assistance.
Re: PIX site-to-site to specific host, and nat traffic from peer
Just a little clarification on the above:
our PIX internal=10.1.2.0/24
subnet I wish to NAT peer internal to=10.1.85.0/24
The mainframe and internal routers are already configured to access 10.1.85.0/24. The site-to-site VPN is currently working, but the mainframe cannot get back to the peer. This is why I would like to NAT their (the peer) traffic to the 10.1.85.0 subnet. The VPN clients, who obtain their IP addresses from a pool consisting of 10.1.84.0/24 IP addresses, are able to access the mainframe. The 10.1.85.0 subnet was added to the routers and the mainframe, but never utilized. Any help is greatly appreciated.
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: