PIX site-to-site to specific host, and nat traffic from peers

sitedr
Level 1

Hello,

I've successfully configured remote access (VPN client) and a site-to-site VPN for a client. The site-to-site comes up, and traffic to an internal host (mainframe) is initiated. The problem is that the mainframe has the wrong routes, and the client does not want to "drop" IP at this time.

The mainframe is configured to route to extra subnets I created for local pools that the VPN clients utilize. I would like to NAT incoming traffic from the site-to-site peer to one of these subnets (not currently utilized by an address pool). I don't think bi-directional NAT is needed, as the mainframe is behind another router, and on very different subnets than the peer uses. Traffic from this peer should only be able to access the mainframe, just as the VPN clients do. Thank you for your assistance.

1 Reply

sitedr
Level 1

Just a little clarification on the above:

mframe = 172.18.1.3
peer internal = 10.1.1.0/24
our PIX internal = 10.1.2.0/24
subnet I wish to NAT peer internal to = 10.1.85.0/24

The mainframe and internal routers are already configured to access 10.1.85.0/24. The site-to-site VPN is currently working, but the mainframe cannot get back to the peer. This is why I would like to NAT their (the peer's) traffic to the 10.1.85.0 subnet. The VPN clients, who obtain their IP addresses from a pool consisting of 10.1.84.0/24 IP addresses, are able to access the mainframe. The 10.1.85.0 subnet was added to the routers and the mainframe, but never utilized. Any help is greatly appreciated.
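As an added worked example (not the poster's configuration and not a Cisco-supplied answer), the fragment below shows the PIX "outside NAT" that the two posts describe, using only the addresses given above: the peer's 10.1.1.0/24 is presented to the inside as the unused 10.1.85.0/24, so the mainframe replies to addresses it already has routes for. It assumes PIX software 6.2 or later (where static (outside,inside) exists), an interface ACL named outside_in, and that interface ACLs are to be enforced on decrypted traffic; all three are assumptions, not facts from the thread.

```cisco
! Added example, not the original poster's running config.
! Assumes PIX 6.2+, which supports translation in the outside->inside
! direction. The ACL name outside_in is an assumption.

! One-to-one subnet translation: a packet from 10.1.1.x arriving on the
! outside interface (after IPsec decryption) reaches the inside with
! source 10.1.85.x. The mainframe's reply to 10.1.85.x is translated
! back to 10.1.1.x before the crypto map is evaluated, so the existing
! crypto ACL that matches the peer's real 10.1.1.0/24 stays as it is.
static (outside,inside) 10.1.85.0 10.1.1.0 netmask 255.255.255.0

! Restrict the peer (and the VPN client pool) to the mainframe only.
! By default "sysopt connection permit-ipsec" lets decrypted traffic
! bypass the interface ACL; turning it off makes the ACL apply to both
! the site-to-site peer and the 10.1.84.0/24 client pool, so the pool
! needs its own line or the remote-access clients lose access.
no sysopt connection permit-ipsec
access-list outside_in permit ip 10.1.1.0 255.255.255.0 host 172.18.1.3
access-list outside_in permit ip 10.1.84.0 255.255.255.0 host 172.18.1.3
access-group outside_in in interface outside
```

After the peer sends traffic, "show xlate" should list 10.1.1.x entries mapped to 10.1.85.x; if the mainframe still cannot answer, confirm that 10.1.85.0/24 on the internal routers points back at the PIX inside interface rather than at a pool that no longer exists.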
