I hope I ask this correctly as I am covering for our network engineer. We have an ipsec vpn tunnel to a partner site between 2 cisco 515e pix firewalls. Our partner site stated that we NAT our internal addresses to their internal address scheme so we have a server that has a static entry (static (inside,internet) 10.103.5.1 10.0.33.70 netmask
255.255.255.255). So this server does not get a global address from the pool as all the others do. This seems to mean that the server (10.0.33.70) can traverse the tunnel and get to our partner correctly but not get to the regular internet. Now the problem is they want to add another server to the tunnel which is not hard to do except they still want to have this new server access the internet. Once I put the static in for the new server it can traverse the tunnel but of course does not have regular internet access. Is there any way to be able to do both? Any thoughts would be appreciated.Cory