«

Hi Group

I try to build a 2nd IPSec Tunnel from SiteA to SiteC, but SiteC have
the same IP Address Range like SiteB:

SiteA: 192.168.2.0/24 / PIX OS 8.0(2)
SiteB: 192.168.33.0/24 / PIX OS 6.3(5)
SiteC: 192.168.33.0/24 / PIX OS 6.3(5)

The tunnel from A to B is up and runs fine.

I want to translate to Adresses for the SiteC on the PIX on SiteA
(192.168.233.0 [SiteA] > 192.168.33.0 [for SiteC]) and i saw this
example:

http://www.cisco.com/en/US/partner/p...808c9950.shtml

I play arround with this example, but i don't want to translate on the
PixA (SiteA) the 192.168.1.0 to 172.18.1.0, i want to translate on the
PixA the Address 10.1.0.0 to 172.18.1.0 for example. Sometimes i loos
the connection to SiteB, but i never bring up the tunnel to SiteC.

Is there anyone who can give me a tip how i need to build the access-
list and static statement?

Thank you lot.

ivo

<> wrote in message
news:bfa6c2f5-bc4b-4004-9854-...
>
> Hi Group
>
> I try to build a 2nd IPSec Tunnel from SiteA to SiteC, but SiteC have
> the same IP Address Range like SiteB:
>
> SiteA: 192.168.2.0/24 / PIX OS 8.0(2)
> SiteB: 192.168.33.0/24 / PIX OS 6.3(5)
> SiteC: 192.168.33.0/24 / PIX OS 6.3(5)
>
> The tunnel from A to B is up and runs fine.
>
> I want to translate to Adresses for the SiteC on the PIX on SiteA
> (192.168.233.0 [SiteA] > 192.168.33.0 [for SiteC]) and i saw this
> example:
>
> http://www.cisco.com/en/US/partner/p...808c9950.shtml
>
> I play arround with this example, but i don't want to translate on the
> PixA (SiteA) the 192.168.1.0 to 172.18.1.0, i want to translate on the
> PixA the Address 10.1.0.0 to 172.18.1.0 for example. Sometimes i loos
> the connection to SiteB, but i never bring up the tunnel to SiteC.
>
> Is there anyone who can give me a tip how i need to build the access-
> list and static statement?
>
> Thank you lot.
>
> ivo
>

You need to do the NAT on site C's Pix not site A's.

Thank you Brian

When i define the NAT on SiteC, it works. Is there no chance to do
that on SiteA?




On 17 Nov., 12:53, "Brian V" <diespam...@nospam.com> wrote:
> <googlegro...@ruetsche.com> wrote in message
>
> news:bfa6c2f5-bc4b-4004-9854-...
>
>
>
>
>
> > Hi Group
>
> > I try to build a 2ndIPSecTunnel fromSiteAtoSiteC, butSiteChave
> > the same IP Address Range likeSiteB:
>
> >SiteA: 192.168.2.0/24 / PIX OS 8.0(2)
> >SiteB: 192.168.33.0/24 / PIX OS 6.3(5)
> >SiteC: 192.168.33.0/24 / PIX OS 6.3(5)
>
> > The tunnel from A to B is up and runs fine.
>
> > I want to translate to Adresses for theSiteCon the PIX onSiteA
> > (192.168.233.0 [SiteA] > 192.168.33.0 [forSiteC]) and i saw this
> > example:
>
> >http://www.cisco.com/en/US/partner/p...ps2030/product...
>
> > I play arround with this example, but i don't want to translate on the
> > PixA (SiteA) the 192.168.1.0 to 172.18.1.0, i want to translate on the
> > PixA the Address 10.1.0.0 to 172.18.1.0 for example. Sometimes i loos
> > the connection toSiteB, but i never bring up the tunnel toSiteC.
>
> > Is there anyone who can give me a tip how i need to build the access-
> > list and static statement?
>
> > Thank you lot.
>
> > ivo
>
> You need to do the NAT on site C's Pix not site A's.

<> wrote in message
news:81ff3e00-e7d3-47ab-a8b5-...
>
> Thank you Brian
>
> When i define the NAT on SiteC, it works. Is there no chance to do
> that on SiteA?
>
>
>
>
> On 17 Nov., 12:53, "Brian V" <diespam...@nospam.com> wrote:
>> <googlegro...@ruetsche.com> wrote in message
>>
>> news:bfa6c2f5-bc4b-4004-9854-...
>>
>>
>>
>>
>>
>> > Hi Group
>>
>> > I try to build a 2ndIPSecTunnel fromSiteAtoSiteC, butSiteChave
>> > the same IP Address Range likeSiteB:
>>
>> >SiteA: 192.168.2.0/24 / PIX OS 8.0(2)
>> >SiteB: 192.168.33.0/24 / PIX OS 6.3(5)
>> >SiteC: 192.168.33.0/24 / PIX OS 6.3(5)
>>
>> > The tunnel from A to B is up and runs fine.
>>
>> > I want to translate to Adresses for theSiteCon the PIX onSiteA
>> > (192.168.233.0 [SiteA] > 192.168.33.0 [forSiteC]) and i saw this
>> > example:
>>
>> >http://www.cisco.com/en/US/partner/p...ps2030/product...
>>
>> > I play arround with this example, but i don't want to translate on the
>> > PixA (SiteA) the 192.168.1.0 to 172.18.1.0, i want to translate on the
>> > PixA the Address 10.1.0.0 to 172.18.1.0 for example. Sometimes i loos
>> > the connection toSiteB, but i never bring up the tunnel toSiteC.
>>
>> > Is there anyone who can give me a tip how i need to build the access-
>> > list and static statement?
>>
>> > Thank you lot.
>>
>> > ivo
>>
>> You need to do the NAT on site C's Pix not site A's.
>

Not without getting very ugly in the config. I.E. addding an additional
outside interface to Pix A, moving NAT to the internet router, subnet
specific routing, etc.... The problem is that Site A has no way to
differentiate what site gets NAT'd, you have a single "nat (inside,outside)"
which covers both destination subnets.