cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2189
Views
0
Helpful
3
Replies

PIX with multiple NAT 0 statements

s.vidanovic
Level 1
Level 1

Hello,

I have PIX 6.0 with IPSec support. I have nat 0 statement with access lists between dmz and inside interface. Now, I want to introduce VPN client configuration. In order to do that, I need to have nat 0 statement. Is it possible to have more than one nat 0 statement with differnet access lists, or I should add access lists entries at the end of exisiting access list.

3 Replies 3

brian.giaccone
Level 1
Level 1

NAT 0 statement - I wanted to do the exact same thing. The only recourse was to add to my existing access list.

And, when you add entry to your existing list, is everything OK? I mean, in the same time you have your traffic encrypted and your old access list is working ?

ashariff
Level 1
Level 1

You can only have one nat 0 statement but you can have multiple nat statements. e.g.

nat (inside) 0 access-list ipsec

nat (inside) 1 172.27.0.0 255.255.0.0 0 0

access-list ipsec permit ip 172.27.0.0 255.255.0.0 172.16.0.0 255.255.0.0

access-list ipsec permit ip 172.27.0.0 255.255.0.0 172.18.0.0 255.255.0.0

Hope this helps.

Review Cisco Networking for a $25 gift card