PIX: NAT inside VPN tunnel (515e)

Yes, and there are two ways to do it:

  1. Policy NAT. Walter has tested that this will work even if the connection is initiated from the remote LAN.

access-list VPN_NAT permit ip [FROM] [TO]
nat (inside) X access-list VPN_NAT
global (outside) X [NAT_IP] [MASK]

(where X is a number, but not 0)

  2. Static NAT, because "nat (inside) 0" will override this if you need both NATted and non-NATted VPN accesses.

static (inside,outside) [NAT_IP] [FROM] netmask 255.255.255.255

Check the NAT order table at the link below. Then you can select the method that suits you best.

formatting link

Jyri Korhonen
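The two methods from the reply above, filled in with the addresses from the question in this thread (inside LAN 192.168.0.0/24, remote LAN 10.0.0.0/24, presented to the peer as 10.1.0.0/24). This is an added example, not configuration posted by either participant. The NAT ID 2, the pool range, the host 192.168.0.10 and the names VPN_CRYPTO and VPN_MAP are assumptions, and the example goes beyond the reply by showing the crypto ACL that has to accompany either method.

```cisco
: Constructed example for PIX 6.x. Lines starting with ":" are comments.

: --- Method 1: policy NAT ---
: Translate only traffic from the inside LAN to the remote LAN.
: Use a NAT ID that is not already used by the normal Internet nat/global pair.
access-list VPN_NAT permit ip 192.168.0.0 255.255.255.0 10.0.0.0 255.255.255.0
nat (inside) 2 access-list VPN_NAT
global (outside) 2 10.1.0.1-10.1.0.254 netmask 255.255.255.0

: --- Method 2: static NAT (alternative to method 1, per host) ---
: A plain static applies to everything this host sends out the outside
: interface, not only to tunnel traffic.
static (inside,outside) 10.1.0.10 192.168.0.10 netmask 255.255.255.255

: --- Needed with either method ---
: The PIX translates before it encrypts, so the crypto ACL must match the
: translated source (10.1.0.0/24), not the real 192.168.0.0/24.
access-list VPN_CRYPTO permit ip 10.1.0.0 255.255.255.0 10.0.0.0 255.255.255.0
crypto map VPN_MAP 10 match address VPN_CRYPTO

: Traffic that should be translated must NOT be listed in the ACL used by
: "nat (inside) 0 access-list ...", otherwise the exemption is applied and
: the peer sees 192.168.0.x.
```

The remote peer's crypto ACL has to mirror VPN_CRYPTO (10.0.0.0/24 to 10.1.0.0/24); after a test packet, `show xlate` and `show crypto ipsec sa` on the PIX show whether the translation was created and which proxy identities the tunnel negotiated.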

Hello,

Maybe this is a newbie question, but I was unable to find an answer in all the PIX documentation about this - I still lack a "big picture" of how all the services on the PIX work together:

The PIX has one outside interface with a public IP address and one inside interface with a private IP address, let's say 192.168.0.1/24. The tunnel should connect the local network with a remote network (10.0.0.0/24). Now - for administration reasons - I want to use NAT to hide my private 192.168.0.0/24 network in the VPN tunnel so that the other side sees some other address (i.e. 10.1.0.0/24) instead.

My understanding of (static) NAT on the PIX so far is that it's only possible between two interfaces.

Is it possible to configure this scenario?

Regards, Markus

Markus Marquardt
