07-18-2001 12:01 AM - edited 02-20-2020 09:49 PM
Hello,
I have PIX 6.0 with IPSec support. I have nat 0 statement with access lists between dmz and inside interface. Now, I want to introduce VPN client configuration. In order to do that, I need to have nat 0 statement. Is it possible to have more than one nat 0 statement with differnet access lists, or I should add access lists entries at the end of exisiting access list.
07-18-2001 10:05 AM
NAT 0 statement - I wanted to do the exact same thing. The only recourse was to add to my existing access list.
07-18-2001 11:54 PM
And, when you add entry to your existing list, is everything OK? I mean, in the same time you have your traffic encrypted and your old access list is working ?
07-18-2001 12:26 PM
You can only have one nat 0 statement but you can have multiple nat statements. e.g.
nat (inside) 0 access-list ipsec
nat (inside) 1 172.27.0.0 255.255.0.0 0 0
access-list ipsec permit ip 172.27.0.0 255.255.0.0 172.16.0.0 255.255.0.0
access-list ipsec permit ip 172.27.0.0 255.255.0.0 172.18.0.0 255.255.0.0
Hope this helps.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide