Cisco VPN3030 Lan to lan NAT

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

ClientA -- NetA -- VPN3030 ....@.... FW-1NG -- NetB -- Server

ClientA on NetA ( needs access NetB Server (Host=
Via Lan to Lan tunnel set up between Cisco VPN3030 and a Checkpoint FW-1 NG.

NetB Server (Host= subnet is also routed elsewhere on NetA.
Also NetA subnet is routed locally on NetB
I need "one-sided" NAT

Here is what I have done:

- Reserved an IP from local pool in VPN3030 IP=
- Create L2L with Peer for FW-1, PSK, Local network= /32
- Create L2L-NAT rule and enabled it:
Source= Remote=
- Add Static route towards public interface for

This does not work. My guess is that the NAT rule is wrong, or that the
terms source:trans - Remote means different

that I imagine.

Is it true that the above NAT rule means that 10 gets its source translated
into 192.168 ?
And how must I interpritate the Remote ?

What I want to do, is to have ClientA on NetA ( access the
IP= and have this translated

into, and then put this into the tunnel towards FW1-NG

How can this be done in the VPN3030 ??

Please comment ...

Martin Bilgrav

Site Timeline