Hello all,
Can you help me get this issue fixed?
I have a PIX 515 running 6.3.3.
I have 25 public IP addresses and about 40 users using different kinds of VPN clients (Cisco, Checkpoint, etc.). They may not all be connecting at the same time.
So I want to define a policy NAT based on an access list which distinguishes between VPN traffic and non-VPN traffic.
The VPN traffic should be assigned a static NAT and the others should be PAT translated.
By this I save on the number of public IP addresses used and avoid requesting additional addresses.
I have tried the following options.
a) Create an access list with VPN ports
access-list VPN_ACL permit udp any any eq isakmp
access-list VPN_ACL permit esp any any
access-list VPN_ACL permit gre any any
access-list VPN_ACL permit ah any any
b) Created a NAT pool for VPN traffic with ID 1
global (outside) 1 xx.xx.xx.1-xx.xx.xx.25 netmask 255.255.255.224
nat (inside) 1 access-list VPN_ACL
c) Created a PAT IP for non-VPN traffic with ID 2
global (outside) 2 xx.xx.xx.26
nat (inside) 2 10.0.0.0 255.0.0.0 0 0
In spite of this the VPN traffic is not getting NATted.
I tried the static (inside,outside) xx.xx.xx.1-xx.xx.xx.25 VPN_ACL
But the PIX is not accepting this command. I get a message which says an IP ESP packet cannot be translated to an IP packet.
Can anybody please help?