Firewall Wizards mailing list archives

Cisco PIX to FW-1 VPN with policy NAT help request


From: "Kari Mattsson (km#)" <km1 () trivore com>
Date: Mon, 1 Dec 2003 18:37:43 +0200 (EET)


Hi!

I have a slight problem :-)  It is probably an easy one for you..

I can get the VPN tunnel up ok, but ping/telnet/etc. isn't going through.
On the FW-1 end they claim traffic is coming from 10.1.1.0/24 network,
which is not allowed. That is also why my pings are not answered.

I'm trying to PAT all the traffic to IP 133.15.75.35.

Any hints why I'm not succeeding?

Here are some of the fragments of my configuration.
Public IPs are imaginary.

access-list acl2 permit icmp 10.1.1.0 255.255.255.0 any
access-list acl2 permit ip 10.1.1.0 255.255.255.0 any
access-group inside_acl in interface inside

access-list acl3 permit icmp 10.1.1.0 255.255.255.0 host 192.189.32.128
access-list acl3 permit ip 10.1.1.0 255.255.255.0 host 192.189.32.128
global (outside) 99 133.15.75.36-133.15.75.59 netmask 255.255.255.224
global (outside) 99 133.15.75.60 netmask 255.255.255.224
global (outside) 11 133.15.75.35 netmask 255.255.255.224
nat (inside) 0 access-list no_nat
nat (inside) 11 access-list acl3 0 0
nat (inside) 99 10.1.1.0 255.255.255.0 0 0

crypto map map7 10 ipsec-isakmp
crypto map map7 10 match address acl3
crypto map map7 10 set peer 223.10.2.8
crypto map map7 10 set transform-set 3des-md5
crypto map map7 10 set security-association lifetime seconds 86400
isakmp key ******** address 223.10.2.8 netmask 255.255.255.255 no-xauth


//km1 () trivore com



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
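An added example, not part of the original post and not Cisco's code: a small Python model of how a PIX 6.x picks a translation for an outbound packet (NAT exemption via `nat 0 access-list` first, then policy NAT via `nat ... access-list`, then regular `nat`/`global`; the posted fragment has no `static` entries, so that step is skipped) and then checks the crypto map ACL against the translated packet. The ACLs, the PAT address 133.15.75.35 and the pool 99 range are taken from the post; the contents of the `no_nat` ACL are not shown there, so the model runs once with a constructed `no_nat` that covers the VPN flow and once with an empty one. The third scenario uses a constructed crypto ACL written in post-NAT addresses, which is the form a PAT'd flow needs for the crypto map to match it.

```python
# Added example: model of PIX 6.x outbound NAT selection followed by the
# crypto map ACL check on the translated packet. This is an illustration
# written for the reader, not the PIX implementation. ACL contents come from
# the post except where a comment marks them as constructed.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    proto: str                      # "ip" or "icmp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def net(addr, mask="255.255.255.255"):
    """Build a network from an address and dotted mask, PIX access-list style."""
    return ipaddress.IPv4Network(f"{addr}/{mask}")


def acl_matches(acl, proto, src, dst):
    """True if any ACE permits the flow; an 'ip' ACE matches every protocol."""
    return any((a.proto == "ip" or a.proto == proto) and src in a.src and dst in a.dst
               for a in acl)


# access-list acl3 from the post (public IPs are imaginary, as the author says).
ACL3 = [Ace("icmp", net("10.1.1.0", "255.255.255.0"), net("192.189.32.128")),
        Ace("ip",   net("10.1.1.0", "255.255.255.0"), net("192.189.32.128"))]

# Constructed assumption: a no_nat ACL that exempts the same flow from NAT.
NO_NAT_EXEMPTS_VPN = [Ace("ip", net("10.1.1.0", "255.255.255.0"), net("192.189.32.128"))]
NO_NAT_EMPTY = []                   # constructed: no exemption applies

GLOBAL_11 = ipaddress.IPv4Address("133.15.75.35")        # global (outside) 11
GLOBAL_99_FIRST = ipaddress.IPv4Address("133.15.75.36")  # first address of pool 99
INSIDE_NET = net("10.1.1.0", "255.255.255.0")


def translate(no_nat_acl, proto, src, dst):
    """Choose the translated source in the order the PIX evaluates nat commands."""
    if acl_matches(no_nat_acl, proto, src, dst):       # 1. nat (inside) 0 access-list no_nat
        return src, "nat 0 (exempt)"
    if acl_matches(ACL3, proto, src, dst):             # 2. nat (inside) 11 access-list acl3
        return GLOBAL_11, "policy nat 11"
    if src in INSIDE_NET:                              # 3. nat (inside) 99 10.1.1.0/24
        return GLOBAL_99_FIRST, "nat 99"
    return src, "no translation"


def send(no_nat_acl, crypto_acl, proto, src, dst):
    """Translate one outbound packet, then test it against the crypto map ACL."""
    src = ipaddress.IPv4Address(src)
    dst = ipaddress.IPv4Address(dst)
    xlated, rule = translate(no_nat_acl, proto, src, dst)
    # The crypto map 'match address' ACL is evaluated AFTER translation.
    encrypted = acl_matches(crypto_acl, proto, xlated, dst)
    return {"rule": rule, "source_seen_by_peer": str(xlated), "in_tunnel": encrypted}


# Constructed: a crypto ACL expressed in post-NAT (translated) addresses.
CRYPTO_POST_NAT = [Ace("ip", net("133.15.75.35"), net("192.189.32.128"))]

SCENARIOS = [
    ("no_nat exempts the flow, crypto ACL = acl3", NO_NAT_EXEMPTS_VPN, ACL3),
    ("no exemption, crypto ACL = acl3", NO_NAT_EMPTY, ACL3),
    ("no exemption, crypto ACL in post-NAT terms", NO_NAT_EMPTY, CRYPTO_POST_NAT),
]

if __name__ == "__main__":
    for label, nonat, cacl in SCENARIOS:
        print(label, "->", send(nonat, cacl, "icmp", "10.1.1.7", "192.189.32.128"))
```

Under these assumptions the first scenario reproduces the symptom in the post (the peer sees an untranslated 10.1.1.x source inside the tunnel), the second shows that even when policy NAT does fire, a crypto ACL written with the private source no longer matches the translated packet, and the third shows the crypto ACL that matches the PAT'd flow. Which of these applies to the real box depends on the `no_nat` ACL, which the post does not show.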