09-12-2005 11:42 AM - edited 02-21-2020 01:57 PM
Is there a way to nat a vpn tunnel in the same way you would an interface?
nat (real_ifc).....
09-13-2005 01:11 PM
would you like to NAT incoming traffic from the VPN to the outside interface or the inside interface ?
To the outside interface will not work i think...
to the inside i guess you have to specify a
global (inside) 2 ip.ra.ng.e m.a.s.k
and modify the "NONAT" line to "NAT 2"
09-13-2005 03:37 PM
The traffic is coming from an tunnel connected to the outside interface. Then I need to translate that so that it can reach its destination on the inside network
09-13-2005 11:05 PM
so you want the users on the other lan (vpn users) to be able to connect to resources on the corporate lan (vpn destination)
Seems to me this is not a nat issue, but routing.
If the 2 pixes connect to eachother via the vpn, the routing table is altered so the 2 LAN's can communicate. If no ACL is applied on the inside interface of both pixes, the communication should be fine.
Be sure to use 2 different ip-segments for both LAN's otherwise routing is not possible (the pix will think the segment is local, and will not send it across the vpn)
Set the pix as the default gateway on both lan's and communication between the 2 LAN's should be possible.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide