Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
395
Views
0
Helpful
2
Replies

VPN concentrator to PIX----Need to Nat the far side

joe.oranday
Level 1
Level 1

‎02-14-2005 11:45 AM - edited ‎02-21-2020 01:36 PM

I own the concentrator, but have no control over the far side PIX. I realize the PIX can NAT, but I would prefer to use the concentrator so that I can NAT the far side network.

I was hoping the NAT Lan-to-Lan rules would work with incoming traffic, but it doesnt seem to assign translations. I know that the PIX allows you to NAT remote addresses, but can this be done on the concentrator?

thanks

joe

Labels:
0 Helpful
2 Replies 2

sachinraja
Level 9
Level 9

‎02-14-2005 11:45 PM

Hi Joe,

Yeah,, you can do a LAN to LAN NAT translation on the VPN concentrator.. You can translate the ip addresses on the VPN box and send it to the remote end.. You can have a look at this URL:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00800ef7ad.shtml#veri

Just see the second configuration of the VPN 3000.. it talks about LAN-to-LAN NAT rule..

is this the one you were looking for ?

Raj

0 Helpful

joe.oranday
Level 1
Level 1
In response to sachinraja

‎02-15-2005 07:47 AM

thanks Raj, but that doesn't solve my problem. you see, in my scenerio, I don't control the far side VPN connection (a PIX). so I need my concentrator to NAT for both sides.

In the example in the article you posted, I would have LAN 2 come in using it's non-natted address of 14.38.100.x and what I want to see happen is to have the LAN 1 concentrator NAT that address into an address range that I choose like a 10.x.x.x network.

thanks

joe

0 Helpful
Customers Also Viewed These Support Documents