PIX: NAT inside VPN tunnel (515e)

Yes, and there are two ways to do it:

  1. Policy NAT. Walter has tested that this will work even if the connection is initiated from the remote LAN.

access-list VPN_NAT permit ip [FROM] [TO] nat (inside) X access-list VPN_NAT global (outside) X [NAT_IP] [MASK]

(where X is a number, but not 0)

  1. Static NAT, because "nat (inside) 0" will override this if you need both NATted and non-NATted VPN accesses.

static (inside,outside) [NAT_IP] [FROM] netmask

Check the NAT order table from the below link. Then you can select the method that suits you best.

formatting link

Reply to
Jyri Korhonen
Loading thread data ...


maybe this is a newbie question, but i was unable to find an answer in all the PIX documentation about this - I'm still lacking to have a "big picture" how all the services on the pix work together:

The PIX has one outside interface with a public IP address and one inside interface with a private IP address, let's say The tunnel should connect the local network with a remote network ( Now - for administration reasons - i want to use NAT to hide my private network in the VPN tunnel so that the other side sees some other address (ie instead.

My understanding of (static) NAT on the PIX so far is, that it's only possible between two interfaces.

Is it possible to configure this scenario?

Regards, Markus

Reply to
Markus Marquardt

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.