https://community.cisco.com/t5/network-security/public-ip-to-internal-over-l2l-and-through-a-nat/m-p/1027565#M919560 <P>Hi!</P><P></P><P>Got a tricky situation right now and need some additional brainpower.</P><P></P><P>We have a PIX515E running 7.2.2.</P><P></P><P>We have a L2L VPN tunnel to another company where we have our servers.</P><P></P><P>This works good.</P><P></P><P>Now, a server at the other company site needs a public IP and has to go through our own PIX and over the L2L tunnel.</P><P></P><P>Currently we are NAT'ing all traffic to the other company over the L2L. This works good.</P><P></P><P>Our server has the IP: 10.1.1.5, and we are giving it a public ip (fake) 192.1.1.5 in my own PIX</P><P></P><P>How shall I do the static?</P><P></P><P>Will it be : static (inside,outside) 192.1.1.5 10.1.1.5 netmask 255.255.255.255 ?</P><P></P><P>Considering that the our server 10.1.1.5 is really "outside" from my PIX point of view?</P><P></P><P>How shall I turn the traffic around and enter the L2L and get NAT'ed towards the server?</P><P></P><P>I previously made it possible to VPN to our PIX and then be able to work against the servers with NAT'ing. </P><P></P><P>Then I just had to add another NAT for (outside) and it worked. I've even tried adding another ACL line and permitting any traffic towards 10.1.1.5. Not working tho</P><P></P><P>Would really appreciate some help <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>Thanks</P> Mon, 11 Mar 2019 12:49:57 GMT azore2007 2019-03-11T12:49:57Z https://community.cisco.com/t5/network-security/public-ip-to-internal-over-l2l-and-through-a-nat/m-p/1027565#M919560 <P>Hi!</P><P></P><P>Got a tricky situation right now and need some additional brainpower.</P><P></P><P>We have a PIX515E running 7.2.2.</P><P></P><P>We have a L2L VPN tunnel to another company where we have our servers.</P><P></P><P>This works good.</P><P></P><P>Now, a server at the other company site needs a public IP and has to go through our own PIX and over the L2L tunnel.</P><P></P><P>Currently we are NAT'ing all traffic to the other company over the L2L. This works good.</P><P></P><P>Our server has the IP: 10.1.1.5, and we are giving it a public ip (fake) 192.1.1.5 in my own PIX</P><P></P><P>How shall I do the static?</P><P></P><P>Will it be : static (inside,outside) 192.1.1.5 10.1.1.5 netmask 255.255.255.255 ?</P><P></P><P>Considering that the our server 10.1.1.5 is really "outside" from my PIX point of view?</P><P></P><P>How shall I turn the traffic around and enter the L2L and get NAT'ed towards the server?</P><P></P><P>I previously made it possible to VPN to our PIX and then be able to work against the servers with NAT'ing. </P><P></P><P>Then I just had to add another NAT for (outside) and it worked. I've even tried adding another ACL line and permitting any traffic towards 10.1.1.5. Not working tho</P><P></P><P>Would really appreciate some help <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>Thanks</P> Mon, 11 Mar 2019 12:49:57 GMT https://community.cisco.com/t5/network-security/public-ip-to-internal-over-l2l-and-through-a-nat/m-p/1027565#M919560 azore2007 2019-03-11T12:49:57Z https://community.cisco.com/t5/network-security/public-ip-to-internal-over-l2l-and-through-a-nat/m-p/1027566#M919566 <HTML><HEAD></HEAD><BODY><P>Go through this NAT and Access Lists (Cisco PIX 500 Series Security Appliances Configuration guide) for your configuration . It will help for the configuration.</P><P><A class="jive-link-custom" href="http://cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html" target="_blank">http://cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html</A></P></BODY></HTML> Fri, 30 May 2008 13:40:06 GMT https://community.cisco.com/t5/network-security/public-ip-to-internal-over-l2l-and-through-a-nat/m-p/1027566#M919566 wong34539 2008-05-30T13:40:06Z