Ok. What I want to do seems quite simple, but whatever I just can't quite get the pieces to mesh. I have a pix 501 that I'm trying to configure to provide VPN access to our local network for clients running the Cisco VPN client 4.x.
Our network is separated into VLANs, but uses public IPs for most machines. I'll use fake numbers for my examples though. The Outside interface has a public IP of 172.46.32.100. This is connected to our DMZ VLAN. The "Inside" interface has a public IP of 172.46.24.100, which is connected to a separate VLAN.
What I want to do is have the VPN clients connect to the outside interface, get a private IP (from 192.168.2.0/24) and then be NAT'd (PAT) to the inside interface IP of 172.46.24.100. That way, the routing meshes with everything because all the VPN client traffic would appear to come from the interface IP of the pix. In all the various permutations of configurations I've done, it ends up with the client computer connecting, getting a 192.168 address, and then it merely passes through the IP un-NAT'd (i.e., the servers on the local network see connections coming in from 192.168.2.x). I can make this work by adding static routes to direct traffic destined for 192.168.2.x to the PIX, but I'd rather have it just NAT everything to make things cleaner.
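The setup described above, written out as an added example in PIX OS 6.x syntax. This is not the poster's configuration; it uses the addresses from the post and assumes a vpngroup name of "vpnclients", a pool name of "vpnpool", NAT id 1, ISAKMP policy 10 and a placeholder pre-shared key. The piece that makes the client pool appear as the inside interface address is the "outside NAT" form of the nat command (the trailing "outside" keyword) paired with a global on the inside interface, which needs PIX OS 6.2 or later:

```text
! Added example (not from the original post). Assumed names: vpngroup "vpnclients",
! pool "vpnpool", NAT id 1, ISAKMP policy 10, pre-shared key "examplekey".
! Requires PIX OS 6.2+ for outside NAT; 3DES assumes the 3DES/AES license is present.

ip address outside 172.46.32.100 255.255.255.0
ip address inside 172.46.24.100 255.255.255.0

! Private pool handed out to VPN clients (from the post)
ip local pool vpnpool 192.168.2.1-192.168.2.254

! Outside NAT: translate the VPN pool as it crosses outside -> inside, and
! PAT it to the inside interface address. Without the trailing "outside"
! keyword the pool is not translated and the LAN sees 192.168.2.x directly.
nat (outside) 1 192.168.2.0 255.255.255.0 outside
global (inside) 1 interface

! Let decrypted IPsec traffic bypass the outside interface access list
sysopt connection permit-ipsec

! IKE phase 1 for the Cisco VPN Client (pre-shared key, group 2)
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp nat-traversal 20

! Phase 2: dynamic crypto map for clients with unknown source addresses
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set vpnset
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
crypto map clientmap interface outside

! Group the VPN Client 4.x profile authenticates against
vpngroup vpnclients address-pool vpnpool
vpngroup vpnclients idle-time 1800
vpngroup vpnclients password examplekey
```

To check that the translation is actually happening, open a connection from a VPN client to an inside host and run "show xlate" on the PIX: each client flow should appear as a PAT entry from a 192.168.2.x address to 172.46.24.100. If the inside hosts still log 192.168.2.x sources, the nat line is being matched without the "outside" keyword or the global for id 1 is missing. With the translation in place, no static route for 192.168.2.0/24 is needed on the LAN side, because replies go to the PIX's own inside address.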