PIX natting of a VPN tunnel?

 
 
Raymond Doetjes
 
      12-20-2004
Hi there,

I have a little problem.
I need to NAT a certain tunnel from local nat 192.168.2.0/24 to
172.16.17.34.
I was hoping to use policy based nat with nat a nat+access-list and a
global (outside) 172.16.17.34. However an access-list with nat can only
work on nat 0. Which we use to exempt the other VPN tunnels from the
global nat.

If anyone has experience with natting a single VPN with a PIX please
give me some leads, because I'm pretty much stuck. Also due to the fact
that you can't create virtual Loopback interfaces on the PIX which I
usually use on a Cisco router IOS, to achieve this.

Greetz,


Raymond
PES
 
      12-20-2004
Raymond Doetjes wrote:
> Hi there,
>
> I have a little problem.
> I need to NAT a certain tunnel from local nat 192.168.2.0/24 to
> 172.16.17.34.
> I was hoping to use policy based nat with nat a nat+access-list and a
> global (outside) 172.16.17.34. However an access-list with nat can only
> work on nat 0. Which we use to exempt the other VPN tunnels from the
> global nat.
>
> If anyone has experience with natting a single VPN with a PIX please
> give me some leads, because I'm pretty much stuck. Also due to the fact
> that you can't create virtual Loopback interfaces on the PIX which I
> usually use on a Cisco router IOS, to achieve this.
>
> Greetz,
>
>
> Raymond


The feature you are looking for is called policy nat. It does permit
the use of an acl on a nat statement. I think it was introduced in
something like ver 6.2.

--
-------------------------
Paul Stewart
Lexnet Inc.
Email address is in ROT13
Walter Roberson
 
      12-20-2004
In article <41c6ada6$>, PES <> wrote:
:The feature you are looking for is called policy nat. It does permit
:the use of an acl on a nat statement. I think it was introduced in
:something like ver 6.2.

It was 6.3(2) that introduced it.

http://www.cisco.com/univercd/cc/td/....htm#wp1113601

[Yey! Another bit of trivia successfully committed to memory ]
--
We don't need no side effect-ing
We don't need no scope control
No global variables for execution
Hey! Did you leave those args alone? -- decvax!utzoo!utcsrgv!roderick
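
The policy NAT setup discussed in this thread, as an added configuration sketch that is not part of any poster's message. The remote peer network 10.99.0.0/24, the other-tunnel network 10.50.0.0/24, the ACL names, NAT ID 2 and the crypto map placeholders are assumptions for illustration; only 192.168.2.0/24 and 172.16.17.34 come from the thread.

```cisco
: Constructed example for PIX 6.3(2) or later.
: 10.99.0.0/24 = remote network behind the tunnel that needs NAT (placeholder)
: 10.50.0.0/24 = remote network of another tunnel that stays exempt (placeholder)

: 1. Existing NAT exemption for the other tunnels. It must NOT permit
:    192.168.2.0/24 -> 10.99.0.0/24: nat 0 is matched before policy NAT,
:    so an overlapping permit here would bypass the translation below.
access-list nonat permit ip 192.168.2.0 255.255.255.0 10.50.0.0 255.255.255.0
nat (inside) 0 access-list nonat

: 2. Policy NAT: only traffic from the local LAN to this one peer network
:    is translated (PAT) to 172.16.17.34.
access-list vpn-pnat permit ip 192.168.2.0 255.255.255.0 10.99.0.0 255.255.255.0
nat (inside) 2 access-list vpn-pnat
global (outside) 2 172.16.17.34

: 3. The crypto ACL for this tunnel matches the translated source,
:    because NAT is applied before the IPsec match.
access-list vpn-crypto permit ip host 172.16.17.34 10.99.0.0 255.255.255.0
crypto map <existing-map> <seq> match address vpn-crypto
```

`show xlate` and `show crypto ipsec sa` confirm that the translation is built and that the security association carries 172.16.17.34 as the local identity. Because this is many-to-one PAT, sessions through the tunnel can only be initiated from the 192.168.2.0/24 side.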