07-15-2005 02:08 PM - edited 02-21-2020 12:16 AM
I have an internal workstation that needs to be NATed to an address separate from the Internet global pool in order to communicate over a site-to-site VPN tunnel, but it must still use the Internet global pool when accessing the Internet. The tunnel is created, but I have not been able to NAT the workstation for the tunnel and the Internet simultaneously. Any suggestions?
07-18-2005 05:26 AM
hi gdsnell
Have a look at the below:
Site A 10.10.10.0
Site B 10.10.20.0
NAT pool on both PIXes to the Internet:
nat (inside) 1 10.10.10.0 255.255.255.0 0 0
global (outside) 1 [public ip range]
Then create a no-NAT pool so these IPs can talk to each other over the tunnel:
nat (inside) 0 access-list nat0
access-list nat0 permit ip 10.10.10.0 255.255.255.0 10.10.20.0 255.255.255.0
This way, Internet-bound traffic will still be NATed to the global range, but internal (site-to-site) traffic will keep its 10.10 address. Set up accordingly on the opposite site and all good.
07-18-2005 06:23 AM
The Internet portion is correct, but I need to NAT a single internal address to a unique address that is not part of the public address space, so only it can traverse the site-to-site tunnel while still being able to use the Internet NAT/global range for its Internet-bound traffic.
07-18-2005 06:34 AM
If you want just one workstation from Site A, for example, to access Site B and also maintain Internet NATing for all internal hosts:
nat (inside) 1 10.10.10.0 255.255.255.0 0 0
global (outside) 1 [public ip range]
#NATs all Internet traffic
nat (inside) 0 access-list nat0
access-list nat0 permit ip host 10.10.10.5 host 10.10.20.10
#Allows 10.10.10.5 to access 10.10.20.10 across the tunnel without NATing it
hth
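The two replies above rely on the PIX looking up translations in a fixed order: a `nat (inside) 0 access-list` exemption is checked first, then static (including PIX 6.3 policy static) entries, then the `nat (inside) 1` / `global (outside) 1` dynamic pool. The following Python model is an added example, not configuration from the thread or from Cisco: it encodes the two posted configs and, as a labelled assumption, a `static (inside,outside) <mapped> access-list` entry that maps 10.10.10.5 to 192.168.100.5 for tunnel traffic only. The pool address 203.0.113.10 stands in for the "[public ip range]" placeholder, and the fourth config shows what happens when the host-pair `nat 0` entry is left in place alongside the policy static.

```python
"""Toy model of PIX NAT lookup order for the configs in this thread.

Order modelled: NAT exemption (nat 0 access-list) -> static / policy static
-> dynamic NAT to a global pool. The mapped address 192.168.100.5 and the
policy-static entry are assumptions added here, not part of the thread.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network


@dataclass(frozen=True)
class Ace:
    """One 'access-list X permit ip <src> <dst>' entry."""
    src: IPv4Network
    dst: IPv4Network

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        return src in self.src and dst in self.dst


def net(s: str) -> IPv4Network:
    return IPv4Network(s, strict=False)


@dataclass
class PixNat:
    # nat (inside) 0 access-list <acl>: matching flows keep their real source
    exempt: list = field(default_factory=list)
    # static (inside,outside) <mapped> access-list <acl>  (assumed PIX 6.3 policy static)
    policy_static: list = field(default_factory=list)
    # nat (inside) 1 <net> <mask> 0 0 + global (outside) 1 <pool>
    dynamic: list = field(default_factory=list)

    def translate(self, src: str, dst: str) -> IPv4Address:
        """Return the source address seen on the outside for this flow."""
        s, d = IPv4Address(src), IPv4Address(dst)
        for ace in self.exempt:                 # 1. exemption wins over everything
            if ace.matches(s, d):
                return s
        for ace, mapped in self.policy_static:  # 2. static / policy static
            if ace.matches(s, d):
                return mapped
        for real_net, pool in self.dynamic:     # 3. dynamic pool
            if s in real_net:
                return pool
        # PIX 6.x needs a translation for inside->outside traffic; otherwise it drops
        raise LookupError(f"{s} -> {d}: no translation, packet would be dropped")


GLOBAL_POOL = IPv4Address("203.0.113.10")     # stand-in for "[public ip range]"
SITE_A, SITE_B = net("10.10.10.0/24"), net("10.10.20.0/24")
WS, PEER = net("10.10.10.5/32"), net("10.10.20.10/32")
MAPPED_WS = IPv4Address("192.168.100.5")      # assumed unique tunnel address


def first_reply() -> PixNat:
    """Subnet-wide exemption plus subnet-wide dynamic NAT (first reply)."""
    return PixNat(exempt=[Ace(SITE_A, SITE_B)], dynamic=[(SITE_A, GLOBAL_POOL)])


def second_reply() -> PixNat:
    """Exemption narrowed to one host pair (second reply)."""
    return PixNat(exempt=[Ace(WS, PEER)], dynamic=[(SITE_A, GLOBAL_POOL)])


def asker_variant() -> PixNat:
    """Assumed policy-static answer to the question: WS -> Site B gets MAPPED_WS."""
    return PixNat(policy_static=[(Ace(WS, SITE_B), MAPPED_WS)],
                  dynamic=[(SITE_A, GLOBAL_POOL)])


def shadowed_variant() -> PixNat:
    """asker_variant with the host-pair nat 0 entry left in: exemption shadows the static."""
    return PixNat(exempt=[Ace(WS, PEER)],
                  policy_static=[(Ace(WS, SITE_B), MAPPED_WS)],
                  dynamic=[(SITE_A, GLOBAL_POOL)])


if __name__ == "__main__":
    flows = [("10.10.10.5", "10.10.20.10"), ("10.10.10.5", "198.51.100.7"),
             ("10.10.10.7", "10.10.20.10")]
    for name, cfg in [("first_reply", first_reply()), ("second_reply", second_reply()),
                      ("asker_variant", asker_variant()), ("shadowed", shadowed_variant())]:
        for src, dst in flows:
            print(f"{name:14} {src} -> {dst:14} appears as {cfg.translate(src, dst)}")
```

Two things the model makes visible: with the first reply's subnet-wide `nat 0` entry, every Site A host reaches Site B untranslated, whereas the second reply's host-pair entry sends any other host's traffic for 10.10.20.10 to the global pool instead (so it never matches the tunnel). And because exemption is evaluated first, a `nat 0` entry for the workstation left in place would shadow a policy static for the same flow, so the host-pair line from the second reply has to go if the mapped address is used; the crypto ACL on both sides would then have to reference the mapped address rather than 10.10.10.5.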
07-18-2005 07:18 AM
This one workstation needs to be NATed to a unique address to access Site B and also NATed with all the other workstations for Internet access.
07-19-2005 03:22 AM
What IP address do you want to NAT the workstation to? And if you don't mind me asking, why do you wish to NAT it? It will be able to access the traffic on the other network with no NAT. I am just curious.