Hi all, I must create a site-to-site VPN with a customer X that has in its internal network the same IP range as my *inside* interface. My VPN peer is a PIX 515 ver 6.2(2). I have already done some tunnels with other customers and I have always used their real private IPs in my encryption domain; the other point is that customer X has to reach a few servers in my LAN and probably a static NAT is needed. X provides me the subnet it's going to use to NAT its PCs when they search for my servers, so the static NAT should be applied ONLY if the destination belongs to customer X's range.
This is the interfaces list:
- inside (192.168.0.0/22)
- DMZ (192.168.200.0/24)
- alpha (private range)
- TELECOM (public range)
The overlap is for inside and DMZ.
The running configuration for NAT is:
    nat (DMZ) 0 access-list NatZeroDmz
    nat (DMZ) 1 192.168.200.0 255.255.255.192 0 0
    global (DMZ) 1 192.168.200.100-192.168.200.253 netmask 255.255.255.0
    global (DMZ) 1 192.168.200.254
    nat (inside) 0 access-list NatZero
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    global (TELECOM) 1 interface
Obviously the crypto map is applied on TELECOM.
Can I manage this new scenario? Will the changes heavily affect the other connections?
Thank you for your help!