We have a Pix firewall running 6.3(3),currently it is configured so that inside desktops NAT as PIX Outside Interface IP and hit internet .We are planning to establish a Site-Site VPN btw us and another company ,The other company is insisting that we NAT the Desktops to Internet IP before entering the IPSEC Tunnel ,however desktops should continue to hit internet as PIX outside INT IP . Can you plz point me to a configuration example or commands that can make this happen . Thanks in Advance
Thanks for replying me , I think i did not explain it right ,the requirment of the Other Company is , Let say the Inside IP of the desktop ip 192.168.5.8 ,if it needs to hit the internet , Desktop will NAT's as 184.108.40.206 (pix Outside INT), however if it needs to go into the IPsec tunnel , it needs to NAT as 220.127.116.11 (for Eg). Is this do-able ?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...