Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

VPN with NAT on PIX

Custom with PIX515E, IOS 7.0.7

I need to add a further site-to-site VPN.
In this case, however, our partner asks not to present with the private IP of the inside net, but with a NATted one.
From our part, it is all of our LAN that must participate in the VPN.
Configured and tried, but it doesn't work...

By another client, I have already made a similar VPN, but in that case the inside LAN was a single host, with a static NAT.
In this case, I have a dynamic NAT of the whole net.

I have not found any documentation that contemplates this scenery, it seems that works only with static NAT - also of the whole net, but always  Static.

Does someone have some idea?


Everyone's tags (3)

Re: VPN with NAT on PIX

Community Member

Re: VPN with NAT on PIX

I allready know this document.

But in the example a STATIC NAT is been used for the whole LAN 1:1

I have only ONE IP for all the LAN, so how can I configure a static NAT? I beleav, I can't ..


Re: VPN with NAT on PIX

You will have to PAT

One IP,  say is public IP ( ),   use it to PAT your inside LAN to connect to other tunnel LAN.

Other side LAN hosts say is and, create acl and add it to your crypto map policy for that tunnel.

access-list OTHER_L2L extended permit ip host
access-list OTHER_L2L extended permit ip host

global (outside) 2
nat (inside) 2 access-list OTHER_L2L


CreatePlease to create content