05-27-2005 03:18 AM
I have the following issue:
One site with a PIX and the other with a Concentrator.
VPN tunnel between them.
They have overlapping networks, and I need the PIX side to do NAT for traffic before it goes into the tunnel. Can the PIX do this, like the Concentrator can?
Or could I use the Concentrator for this, i.e. make him NAT the addresses the PIX is sending through the tunnel? I am not seeing that it would work, as then the security ACLs would not be able to match on both sides.
Any thoughts?
05-27-2005 06:14 AM
If it were me, I would NAT my outbound traffic prior to it hitting PIX or NAT the traffic inbound coming from the far end after it hits your PIX. I have had issues trying to make this work by natting towards the ipsec interface.
HTH.
05-30-2005 04:36 PM
You can use the PIX to NAT before going into the IPsec tunnel. In earlier versions of PIX you didn't have the ability to NAT based on the destination network. So if you NATted for the tunnel and used the same interface for internet connectivity, the edge router would have to then do another NAT when traffic was destined for the internet. As of the latest version of PIX you can do a NAT based on the destination network.
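
A sketch of the destination-based NAT the last reply describes, added here as an example and not taken from any poster's configuration. It assumes a PIX release that supports access-list based (policy) static NAT; all addresses, ACL names and the crypto map name and sequence number are constructed.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   192.168.1.0/24  real inside network behind the PIX (overlaps at the far site)
!   10.99.1.0/24    range the PIX presents to the far site instead
!   172.16.50.0/24  network behind the Concentrator as seen from the PIX

! Translate inside hosts only when the destination is the remote VPN network.
! Internet-bound traffic does not match this ACL and keeps its normal nat/global.
access-list VPN-POLICY-NAT permit ip 192.168.1.0 255.255.255.0 172.16.50.0 255.255.255.0
static (inside,outside) 10.99.1.0 access-list VPN-POLICY-NAT

! NAT happens before the crypto decision, so the crypto ACL must match the
! translated source, not the real one.
access-list VPN-CRYPTO permit ip 10.99.1.0 255.255.255.0 172.16.50.0 255.255.255.0
crypto map VPNMAP 10 match address VPN-CRYPTO

! Do not list this flow in a "nat (inside) 0 access-list ..." exemption:
! NAT exemption is evaluated first and would send the real 192.168.1.x source.
```

The Concentrator's network lists for the tunnel then have to mirror VPN-CRYPTO (local 172.16.50.0/24, remote 10.99.1.0/24), which is what keeps the security ACLs matching on both sides.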