PIX to PIX VPN with Outside NAT

Shea Lambert · ‎02-09-2005

Is it possible to create a p2p VPN between to PIX’s and use the Outside NAT feature to NAT traffic at the remote site.

Ex:

Site A

10.1.1.x 255.255.255.0 Inside

99.99.99.99 Outside

Site B

99.99.99.98 Outside

10.30.2.x Inside

Can I NAT traffic coming into Site B using the same Network (10.30.2.x)?

Patrick Iseli · ‎02-09-2005

No you need two diffrent networks on both PIX's inside network, otherwise you cannot route that traffic into the Tunnel.

You can NAT a network comming from the remote VPN site but you need definitly two diffrent network ranges.

sincerely

Patrick

stevep · ‎02-10-2005

Patrick,

I'm sorry to have to correct you but you can have 2 inside networks with overlapping address space communicating over a VPN.

uscsupport,

Providing you have ver 6.2 you can accomplish this. What doesn't look correct to me though are your outside IP addresses at both site A and site B. Why would an ISP supply overlapping Net's to 2 different company's?

If what you are trying to achieve is a S2S VPN and both the sites have the same internal IP addressing schemes, then it is certainly do-able.

Check the following link for a detailed explanation.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#wp1113519

Patrick Iseli · ‎02-10-2005

Upps I missunderstood the question, yeah Steve you are absolutly right it is possible to NAT doublicated Network ranges.

Shea Lambert · ‎02-14-2005

I've attached a doc that further explains what I need to do. Thanks,

rafals · ‎02-21-2005

Hi,

This configuration is not possible with dynamic nat translation, you can try make this with static Nat.