10-12-2003 11:41 PM - edited 02-20-2020 11:02 PM
I have a PIX 506 (ver 6.3) running PAT for internet access. I now need to create a VPN to a third party and need to NAT the source IP addresses. Is it possible to have a separate NAT pool that is only used when the destination is the third party network (which is using private addressing)? Basically, NAT based on destination IP address.
Alternatively, the third party have a VPN 3k. Can they NAT my source IPs when the packets are decrypted at their end, before passing them on to the final destination, with a LAN-to-LAN NAT rule? I'm sure I read somewhere that although a static mapping on the LAN-to-LAN NAT rule suggests this can be done, it won't work.
Many thanks in advance
Jon
10-13-2003 09:14 AM
You want "Policy NAT", which is described in the PIX 6.3 docs here:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/bafwcfg.htm#1113601
The VPN 3000 can't do NAT in that direction, so doing it in the PIX is your better (only) option.
HTH - Good luck!
10-15-2003 05:55 AM
Ran into the same thing here. Version 6.3(3) (which is new!) has a new feature called policy NAT - which will do exactly what you want it to do.
Go to:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/bafwcfg.htm
FYI - if you use PDM - you can't configure policy NAT via PDM 3.0(1) - unsupported. And if you configure policy NAT from CLI - you will lose capability to use PDM to configure. I'm trying to find out if there is a newer version of PDM that supports this.
Hope that helps.
10-20-2003 07:18 AM
Thanks for that. It did the trick fine.
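A sketch of the policy NAT setup discussed in this thread, added here as an example and not taken from any poster's configuration. All addresses, ACL names, the crypto map name and sequence number are constructed assumptions; the ISAKMP policy and pre-shared key are omitted.

```cisco
: Constructed values (assumptions, not from the thread):
:   inside LAN 192.168.10.0/24, third-party LAN 10.20.0.0/16,
:   translated source 172.31.250.1, VPN 3000 peer 203.0.113.10

: Existing Internet PAT stays as it is
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

: Policy NAT: this ACL selects only LAN traffic bound for the third party,
: and NAT ID 2 ties it to its own global address
access-list THIRDPARTY-NAT permit ip 192.168.10.0 255.255.255.0 10.20.0.0 255.255.0.0
nat (inside) 2 access-list THIRDPARTY-NAT
global (outside) 2 172.31.250.1

: The crypto ACL must match the translated source, because the PIX
: translates the packet before comparing it against the crypto map
access-list THIRDPARTY-VPN permit ip host 172.31.250.1 10.20.0.0 255.255.0.0

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map OUTSIDE-MAP 20 ipsec-isakmp
crypto map OUTSIDE-MAP 20 match address THIRDPARTY-VPN
crypto map OUTSIDE-MAP 20 set peer 203.0.113.10
crypto map OUTSIDE-MAP 20 set transform-set ESP-3DES-SHA
crypto map OUTSIDE-MAP interface outside
```

If a `nat (inside) 0 access-list` exemption is already configured, it must not match this traffic, since the exemption is evaluated before policy NAT. The third party's matching crypto ACL and routing should reference the translated address only, so your internal addressing is never exposed to their network.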