Re: firewall-wizards Digest, Vol 7, Issue 9

[Mikael Velschow-Rasmussen <mvr () nworks dk>]

Hi Paolo !!

Have you tried e.g.:

access-list 100 extended permit ip 172.28.150.32/28 172.28.x.x/16
global (outside) 1 interface 
static (inside,outside) 172.28.150.32/28 192.168.99.x/28
nat (inside) 1 0 0
crypto map <mapname> 10 match address 100

If you need to do the NAT dynamically i would try this:

access-list 100 extended permit ip 172.28.150.32/28 172.28.x.x/16
access-list 101 extended permit ip 192.168.99.x/24 172.28.x.x/16
nat (inside) 1 access-lists 101
nat (inside) 2 0 0
global (outside) 1 172.28.150.32/28
global (outside) 2 interface 
crypto map <mapname> 10 match address 100

NB: just typed it on top of my head so maybe there's some syntax errors.

Regards
Mikael Velschow-Rasmussen
M.Sc.e.e., CCIE #9973, CCSI #22493,
INFOSEC, SANS GCFW #0565, HP MASE
mvr () nworks dk


That is what I thought of doing but I can't find any documentation on 
how to do it. Can you please direct me to documentation that show's how 
to NAT traffic going into a VPN?

TIA
Paolo

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards