Firewall Wizards mailing list archives
Re: firewall-wizards Digest, Vol 7, Issue 9
From: Mikael Velschow-Rasmussen <mvr () nworks dk>
Date: Sun, 12 Nov 2006 11:10:35 +0100
Hi Paolo !! Have you tried e.g.: access-list 100 extended permit ip 172.28.150.32/28 172.28.x.x/16 global (outside) 1 interface static (inside,outside) 172.28.150.32/28 192.168.99.x/28 nat (inside) 1 0 0 crypto map <mapname> 10 match address 100 If you need to do the NAT dynamically i would try this: access-list 100 extended permit ip 172.28.150.32/28 172.28.x.x/16 access-list 101 extended permit ip 192.168.99.x/24 172.28.x.x/16 nat (inside) 1 access-lists 101 nat (inside) 2 0 0 global (outside) 1 172.28.150.32/28 global (outside) 2 interface crypto map <mapname> 10 match address 100 NB: just typed it on top of my head so maybe there's some syntax errors. Regards Mikael Velschow-Rasmussen M.Sc.e.e., CCIE #9973, CCSI #22493, INFOSEC, SANS GCFW #0565, HP MASE mvr () nworks dk That is what I thought of doing but I can't find any documentation on how to do it. Can you please direct me to documentation that show's how to NAT traffic going into a VPN? TIA Paolo _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: firewall-wizards Digest, Vol 7, Issue 9 Mikael Velschow-Rasmussen (Nov 12)