Hi there,

I wrote a quick example for you which you probably can use with some modifications.

1.1.1.0/24 is the NAT'ed addresses

2.2.2.0/24 is the other sites addresses

3.3.3.0/24 is the real addresses on your PIX site

4.4.4.0/24 is the outside addresses on your PIX site

5.5.5.0/24 is the outside addresses on the other site.

access-list init-ipsec permit 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0

access-list nonat permit 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0

access-list policy permit 3.3.3.0 255.255.255.0 2.2.2.0 255.255.255.0

ip address inside 3.3.3.1 255.255.255.0

ip address outside 4.4.4.2 255.255.255.0

nat (inside) 0 access-list nonat

nat (inside) 1 access-list policy

nat (inside) 2 3.3.3.0 255.255.255.0

global (outside) 1 1.1.1.1-1.1.1.254 netmask 255.255.255.0

global (outside) 2 interface

route outside 0.0.0.0 0.0.0.0 4.4.4.1

sysopt connection permit-ipsec

crypto ipsec transform-set 3desmd5 esp-3des esp-md5-hmac

crypto ipsec security-association lifetime seconds 3600

crypto map cmap 5 ipsec-isakmp

crypto map cmap 5 match address init-ipsec

crypto map cmap 5 set peer 5.5.5.2

crypto map cmap 5 set transform-set 3desmd5

crypto map cmap interface outside

isakmp enable outside

isakmp key foobar address 5.5.5.2 netmask 255.255.255.255

isakmp identity address

isakmp policy 5 authentication pre-share

isakmp policy 5 encryption 3des

isakmp policy 5 hash md5

isakmp policy 5 group 2

isakmp policy 5 lifetime 86400

Did it help?