PIX natting of a VPN tunnel?

Discussion in 'Cisco' started by Raymond Doetjes, Dec 20, 2004.

  1. Hi there,

    I have a little problem.
    I need to NAT a certain tunnel from local nat 192.168.2.0/24 to
    172.16.17.34.
    I was hoping to use policy based nat with nat a nat+access-list and a
    global (outside) 172.16.17.34. However an access-list with nat can only
    work on nat 0. Which we use to exempt the other VPN tunnels from the
    global nat.

    If anyone has experience with natting a single VPN with a PIX please
    give me some leads, because I'm pretty much stuck. Also due to the fact
    that you can't create virtual Loopback interfaces on the PIX which I
    usually use on a Cisco router IOS, to achieve this.

    Greetz,


    Raymond
     
    Raymond Doetjes, Dec 20, 2004
    #1

  2. Raymond Doetjes

    PES Guest

    Raymond Doetjes wrote:
    > Hi there,
    >
    > I have a little problem.
    > I need to NAT a certain tunnel from local nat 192.168.2.0/24 to
    > 172.16.17.34.
    > I was hoping to use policy based nat with nat a nat+access-list and a
    > global (outside) 172.16.17.34. However an access-list with nat can only
    > work on nat 0. Which we use to exempt the other VPN tunnels from the
    > global nat.
    >
    > If anyone has experience with natting a single VPN with a PIX please
    > give me some leads, because I'm pretty much stuck. Also due to the fact
    > that you can't create virtual Loopback interfaces on the PIX which I
    > usually use on a Cisco router IOS, to achieve this.
    >
    > Greetz,
    >
    >
    > Raymond


    The feature you are looking for is called policy nat. It does permit
    the use of an acl on a nat statement. I think it was introduced in
    something like ver 6.2.

    --
    -------------------------
    Paul Stewart
    Lexnet Inc.
    Email address is in ROT13
     
    PES, Dec 20, 2004
    #2

  3. In article <41c6ada6$>, PES <> wrote:
    :The feature you are looking for is called policy nat. It does permit
    :the use of an acl on a nat statement. I think it was introduced in
    :something like ver 6.2.

    It was 6.3(2) that introduced it.

    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/bafwcfg.htm#wp1113601

    [Yey! Another bit of trivia successfully committed to memory ;-) ]
    --
    We don't need no side effect-ing
    We don't need no scope control
    No global variables for execution
    Hey! Did you leave those args alone? -- decvax!utzoo!utcsrgv!roderick
     
    Walter Roberson, Dec 20, 2004
    #3
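
A sketch of how policy NAT could be applied to the single tunnel described in this thread, on PIX 6.3(2) or later. This is an added example, not configuration posted by any participant; the ACL names, the NAT id 2, the crypto map name and sequence number, and the remote networks 10.10.0.0/16 and 10.20.0.0/24 are constructed placeholders.

```cisco
: Existing NAT exemption for the other VPN tunnels (constructed remote net).
: The tunnel that must be translated is deliberately NOT listed here,
: because nat 0 exemptions are evaluated before policy NAT.
access-list nonat permit ip 192.168.2.0 255.255.255.0 10.10.0.0 255.255.0.0
nat (inside) 0 access-list nonat

: Policy NAT: only traffic from 192.168.2.0/24 to the one remote network
: (constructed: 10.20.0.0/24) is translated to 172.16.17.34.
access-list vpn-pnat permit ip 192.168.2.0 255.255.255.0 10.20.0.0 255.255.255.0
nat (inside) 2 access-list vpn-pnat
global (outside) 2 172.16.17.34

: NAT is applied before the crypto map is consulted, so the crypto ACL
: for this peer must match the translated address, not 192.168.2.0/24.
access-list crypto-natted permit ip host 172.16.17.34 10.20.0.0 255.255.255.0
crypto map vpnmap 20 match address crypto-natted
```

The remote peer's crypto ACL has to mirror this, with 172.16.17.34 as the destination. Because a single global address gives PAT, sessions on this tunnel can only be initiated from the 192.168.2.0/24 side.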