Hello, here is the scenario,
Site in Paris:
external IP of the PIX: 195.238.14.14/28
internal IP of the PIX: 192.168.10.1/25
Site in Madrid:
external IP of the PIX: 212.217.67.87/29
internal IP of the PIX: 10.10.10.1/25
Ok, the subnet in Paris has to show up in Madrid as 192.168.10.2; this IP becomes the source IP of any packets going through the VPN to reach any devices in Madrid.
How do I do it?
I understand I need:
the same phase 1 and phase 2 on both sites;
on Paris, I need a nat0 access-list like
access-list nat0 permit ip 192.168.10.2 255.255.255.255 10.10.10.0 255.255.255.128
and an access-list that is going to match the crypto map, like
access-list mymap permit ip 192.168.10.2 255.255.255.255 10.10.10.0 255.255.255.128
on Madrid, I need an access-list nat0
access-list nat0 permit ip 10.10.10.0 255.255.255.128 host 192.168.10.2
and
access-list mymap permit ip 10.10.10.0 255.255.255.128 host 192.168.10.2
My question is, how do I hide-NAT Paris to make sure the traffic will not be "nat 1 (inside)"-translated to the external IP address of the firewall as for web browsing? I am afraid there is something like a race condition between the nat 0 and the nat 1.
Would you tell me more on that?
Thank you,
Alfred
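The configuration below is an added example for the Paris side of the scenario in this post; it is not the poster's configuration. It assumes PIX 6.3 policy-NAT syntax (`nat (inside) <id> access-list <acl>` paired with `global (outside) <id> <ip>`), and the access-list name `vpn_policy_nat` and NAT id `2` are hypothetical. It shows how the real LAN 192.168.10.0/25 can be translated to the single address 192.168.10.2 only for Madrid-bound traffic, while everything else still falls through to the `nat 1` / `global 1` hide-NAT on the outside interface, and why the crypto ACL has to match the translated address rather than the real subnet.

```cisco
! ---- Paris PIX (assumed PIX 6.3 syntax; names and ids are hypothetical) ----
!
! PIX evaluates NAT rules in a fixed precedence, not as a race:
!   1. nat 0 access-list (exemption)   2. static
!   3. policy nat (nat <id> access-list)   4. ordinary nat/global by id
! So a policy-NAT rule that only matches Madrid-bound traffic wins over
! "nat (inside) 1", and the translated packet is then matched against the
! crypto map.

! Policy NAT: real LAN -> 192.168.10.2 only when the destination is Madrid.
! (192.168.10.2 is the address chosen in the post; the example keeps it.)
access-list vpn_policy_nat permit ip 192.168.10.0 255.255.255.128 10.10.10.0 255.255.255.128
nat (inside) 2 access-list vpn_policy_nat
global (outside) 2 192.168.10.2

! Ordinary hide-NAT for everything else, e.g. web browsing, to the outside
! interface address. Lower precedence than the policy-NAT rule above.
nat (inside) 1 192.168.10.0 255.255.255.128
global (outside) 1 interface

! Crypto ACL: NAT has already happened, so match the translated host.
access-list mymap permit ip host 192.168.10.2 10.10.10.0 255.255.255.128

! ---- Madrid PIX (as in the post) ----
! Madrid sends its LAN untranslated into the tunnel, so NAT exemption applies,
! and its crypto ACL mirrors the Paris one.
access-list nat0 permit ip 10.10.10.0 255.255.255.128 host 192.168.10.2
nat (inside) 0 access-list nat0
access-list mymap permit ip 10.10.10.0 255.255.255.128 host 192.168.10.2
```

To check which rule a flow actually hit, `show xlate` on the Paris PIX should list Madrid-bound connections with 192.168.10.2 as the global address and browsing connections with the outside interface address; if a Madrid-bound flow shows the interface address, the policy-NAT rule did not match, and the crypto ACL will never see it.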