Hello Darren,
We could achieve this by adding a no nat access rule.
e.g.:
http://www.cisco.com/warp/public/110/38.html
Thanks
Darren wrote:
> Due to some inflexibility on the part of a 3rd party I am faced with
> adding NAT complexity to what was going to be a simple solution (public
> to public VPN).
>
> My network has a PIX pair running 6.3(5). There are several interfaces
> and lots of NAT, Policy NAT etc. To keep things simple the points of
> interest are...
>
> static (inside,outside) 62.X.X.1 172.16.1.1 netmask 255.255.255.255
> static (inside,outside) 62.X.X.2 172.16.1.2 netmask 255.255.255.255
>
> Originally my crypto-acl was going to use these 2 x public IPs. Now the
> remote end is telling me that they will not do a public to public
> connection and they insist that....
>
> Their users will come from say 10.1.1.0/24 (on the outside) and will
> target the above hosts 62.X.X.1 & .2 by the address 172.23.1.1 & 2
> respectively.
>
> So on my PIX I have to say, anything from a source address of
> 10.1.1.0/24 targeting a destination address of 172.23.1.1 & .2 NAT to
> the real addresses of 172.16.1.1 & .2.
>
> My second problem is I may have to modify the source address of the
> traffic (10.1.1.0/24) as the main site I control uses various ranges in
> 10.0.0/8. With this in mind I take it I would need outside NAT.
>
> Any help appreciated here.
>
> I'm off to blow the dust off my PIX book now to see if I can find a good
> example or two.
>
> Regards
>
> Darren