425 Views, 0 Helpful, 5 Replies

How to NAT internal network

boschrexroth
Level 1

We have an issue where our office has two subnets that we use: a main subnet and an engineering subnet.

We have a VPN tunnel created between ourselves and head office, and any traffic on our main subnet is allowed through (not natted), but not our engineering network.

access-list 80 permit ip 10.17.128.0 255.255.255.0 10.18.0.0 255.255.0.0

nat (inside) 0 access-list 80

Is there a way to have any traffic from our engineering network natted to an address from our main network so that it will flow through the tunnel?

The main network is 10.17.128.X and our engineering network is 192.168.29.X.

We do not want to create another set of access lists for the engineering network, so we hope we can just translate the addresses.

Thanks,

Stryder

5 Replies

ehirsel
Level 6

How many pix interfaces are in use? Assuming that there are three, one for the vpn connection to the main office, one for the main subnet in your office, and one for the engineering subnet, this ought to work:

nat (intf_eng) ii 192.168.29.0 255.255.255.0

global (intf_vpn) ii 10.17.128.yyy where yyy is the last octet that is not in use on the inside interface.

If you only have two interfaces, then this should still work; replace intf_eng with inside on the nat statement.

Actually, I do have three interfaces, but one is for inside, one for dmz, and one for the internet/vpn connection.

We have a router in another building that takes care of the engineering subnet.

Any other ideas?

Thanks,

Stryder

Will the engineering subnet traffic pass through the pix's inside interface? From your description it appears to be the case. Just use the nat (inside) ii 192.168.29.0 255.255.255.0 example along with the global (intf_vpn) ii statement that I gave in my 1st posting.

This didn't seem to work. Does anyone else have any ideas?

As I mentioned, the engineering subnet uses the same interface on the pix as the main network. Our head office only allows traffic from the 10.17.128.0 network, so we have to nat any packet from the 192.168.29.0 network to a 10.17.128.x number.

Thanks.

Can anyone help me or point me to some relevant information?

Thanks,

Scott
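The following configuration is an added example illustrating ehirsel's nat/global suggestion together with Scott's clarification that the engineering subnet arrives on the inside interface. It is not from the thread and not from any participant; the ACL name ENG-TO-HO, the global address 10.17.128.254, the outside interface name, and the engineering router address are assumptions. It uses PIX 6.3 policy NAT (nat with an access-list) so that only engineering traffic destined for head office is translated, and the existing nat 0 exemption for the main subnet is left untouched.

```cisco
! Assumed: engineering subnet is reached through a router on the inside
! network (placeholder address). Without this route the PIX cannot
! return traffic to 192.168.29.0/24.
route inside 192.168.29.0 255.255.255.0 <ENGINEERING-ROUTER-IP> 1

! Existing exemption from the question: main subnet to head office
! passes through the tunnel untranslated (nat 0 is evaluated first).
access-list 80 permit ip 10.17.128.0 255.255.255.0 10.18.0.0 255.255.0.0
nat (inside) 0 access-list 80

! Added policy NAT (assumed ACL name): engineering hosts talking to
! head office are translated; everything else from 192.168.29.0/24
! is left to whatever other nat/global rules already exist.
access-list ENG-TO-HO permit ip 192.168.29.0 255.255.255.0 10.18.0.0 255.255.0.0
nat (inside) 2 access-list ENG-TO-HO

! Assumed global address: a free host address in the main subnet, so the
! translated packets match head office's "10.17.128.0/24 only" rule and
! the existing crypto ACL. A single address means PAT (many hosts share it).
global (outside) 2 10.17.128.254
```

Two checks are worth running after applying this: `show xlate` should show 192.168.29.x hosts mapped to 10.17.128.254 when they talk to head office, and `show crypto ipsec sa` should show encaps/decaps counters rising for the 10.17.128.0/24 to 10.18.0.0/16 pair. If the counters stay at zero, the translated traffic is not reaching the crypto map; verify that the crypto ACL covers 10.17.128.0/24 (post-NAT addresses are what the crypto map matches) and that 10.17.128.254 is not already assigned to a host on the inside network.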