PIX 6.3(5) NAT Headache

Due to some inflexibility on the part of a 3rd party I am faced with adding NAT complexity to what was going to be a simple solution (public to public VPN).

My network has a PIX pair running 6.3(5). There are several interfaces and lots of NAT, Policy NAT etc. To keep things simple the points of interest are...

static (inside,outside) 62.X.X.1 netmask
static (inside,outside) 62.X.X.2 netmask

Originally my crypto-acl was going to use these 2 x public IPs. Now the remote end is telling me that they will not do a public to public connection and they insist that....

Their users will come from say (on the outside) and will target the above hosts 62.X.X.1 & .2 by the address & 2 respectively.

So on my PIX I have to say, anything from a source address of targeting a destination address of & .2 NAT to the real addresses of & .2.

My second problem is I may have to modify the source address of the traffic ( as the main site I control uses various ranges in 10.0.0/8. With this in mind I take it I would need outside NAT.

Any help appreciated here.

I'm off to blow the dust off my PIX book now to see if I can find a good example or two.




Hello Darren,

We could achieve this by adding a no nat access rule, e.g.:

formatting link
