Usually the VPN traffic should be excluded from NAT with "nat (inside) 0". This time I've received a request to establish a VPN connection to the internal server, but via its public IP address.
This means that on my PIX device the inbound packet should first be decrypted and afterwards transformed by the NAT engine. Almost the same, but in a different order, should be done with outbound packets. Is it enough to just exclude the server from "nat (inside) 0 list"? If not, what else should be done?
Example:
My PIX outside (public) interface address: p.p.p.1/24
My PIX inside (private) interface address: i.i.i.1/24
My server external (public) address: p.p.p.2/24
My server internal (private) address: i.i.i.2/24
A client behind the peer's VPN device wants to be connected via VPN and access the server via the p.p.p.2 address and not via i.i.i.2.
Is this possible?
Thanks, Evgeni.