Is there anyone who worked with the Policy NAT on PIX 6.3 (2) ?
I have a scenario where a central PIX vpn a remote site PIX .
I want to translate Remote site inside private addresses because they
conflict with another remote site.
So i want the Remote PIX to translate to a private pool for establishing the
vpn , and translate to the public outside interface address for internet
access.
172.19.0.0 CentralPIX ----- 206.x.x.58 RemotePIX 10.1.1.0
10.2.2.0 xlate 10.1.1.0
Remote PIX config
access-list nonatvpn permit ip 10.1.1.0 255.255.255.0 172.19.0.0
255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list nonatvpn
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 10.2.2.0 access-list nonatvpn 0 0
Test 1 - ping internet
replies
PAT Global 206.x.x.58(1) Local 10.1.1.190 ICMP id 512
Test 2 - ping vpn ( while ping internet is still running )
replies but ping on internet stop responding
Global 10.2.2.190 Local 10.1.1.190
So it works but not simultaneously . Is this the normal behavior of that
functionnality or did i miss something. I would like to have both access
at the same time.
thanks