NATing traffic into a VPN tunnel in PIX

paolosupino
Level 1

Hi

I was asked to setup a VPN tunnel with partner. The partner on the other side insists on the traffic coming from my side to originate from a specific subnet (that he's given me, private IPs) that is not the same subnet that I use. So to achieve this I want to NAT traffic going into that tunnel. Is this possible? How?

2 Replies

smilic
Level 1

Paolo,

use static with access list. For example:

access-list acl_static permit ip host your_host_inside_ip host destination_host

static (inside,outside) your_outside_ip_for_vpn access-list acl_static

You have to have one static for each internal host that needs to communicate over the VPN. You cannot use subnets in the ACLs, and you cannot use the nat command.

Hope this helps.

Regards,

Sasa

It's also important to remember that NAT happens before the crypto map, so your ACL for your VPN traffic should match based on the NAT address.

So if you are hiding 10.10.10.10 behind 1.1.1.10 and connecting to your vendor who uses 2.2.2.x, your crypto ACL should be something like:

access-list outside_cryptomap line 1 extended permit ip host 1.1.1.10 2.2.2.0 255.255.255.0

-Eric

Please remember to rate all helpful posts.
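The order-of-operations point in Eric's reply (NAT is applied before the crypto map ACL is evaluated) together with Sasa's one-static-per-host approach, as an added Python model that is not part of the original thread. The statics table, the partner network and both crypto ACLs are constructed sample values; the lint function flags a crypto ACL written against an inside address, which can never match once the static has rewritten the source.

```python
import ipaddress

# Constructed sample topology (not from the original post): inside hosts hidden behind
# the partner-assigned addresses, partner network 2.2.2.0/24.
STATICS = {"10.10.10.10": "1.1.1.10", "10.10.10.11": "1.1.1.11"}  # inside -> translated
PARTNER_NET = ipaddress.ip_network("2.2.2.0/24")


def entry(src_cidr, dst_cidr):
    """One permit line of a crypto ACL as (source network, destination network)."""
    return (ipaddress.ip_network(src_cidr), ipaddress.ip_network(dst_cidr))


def acl_matches(acl, src, dst):
    """True if any permit entry covers the (src, dst) pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in sn and d in dn for sn, dn in acl)


def crypto_decision(src, dst, statics, crypto_acl):
    """PIX order of operations: the static rewrites the source first, then the
    crypto map ACL is evaluated against the translated source."""
    nat_src = statics.get(src, src)
    return nat_src, acl_matches(crypto_acl, nat_src, dst)


def check_crypto_acl(crypto_acl, statics, partner_net):
    """Lint the crypto ACL against the statics: every translated address must be
    covered, and no inside address may appear as a source (it never matches post-NAT)."""
    problems = []
    probe_dst = str(partner_net.network_address)
    for inside, nat in statics.items():
        if not acl_matches(crypto_acl, nat, probe_dst):
            problems.append(f"translated address {nat} (for {inside}) is not in the crypto ACL")
    for sn, _ in crypto_acl:
        for inside, nat in statics.items():
            if ipaddress.ip_address(inside) in sn:
                problems.append(f"crypto ACL source {sn} is the inside address {inside}; "
                                f"NAT runs first, so it leaves as {nat} and never matches")
    return problems


# Crypto ACL keyed on the inside address: the mistake Eric's reply warns about.
WRONG_ACL = [entry("10.10.10.10/32", "2.2.2.0/24")]
# Crypto ACL keyed on the translated addresses, as in Eric's example line.
RIGHT_ACL = [entry("1.1.1.10/32", "2.2.2.0/24"), entry("1.1.1.11/32", "2.2.2.0/24")]

if __name__ == "__main__":
    print(crypto_decision("10.10.10.10", "2.2.2.5", STATICS, WRONG_ACL))  # ('1.1.1.10', False)
    print(crypto_decision("10.10.10.10", "2.2.2.5", STATICS, RIGHT_ACL))  # ('1.1.1.10', True)
    for p in check_crypto_acl(WRONG_ACL, STATICS, PARTNER_NET):
        print("problem:", p)
```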