Re: VPN NAT issue

["Kevin Horvath" <kevin.horvath () gmail com>]

you will need a static nat or nat exemption.  You are trying to access from
a low security interface to a higher one so put a translation in for the
173.16 net to the vpn pool either by static or nat0.  For the static it
would be IN2 int to OUT and for nat0 apply it to IN2 where the rules
stipulate the src from IN2 net to the vpn local pool.  Also apply the acl
entries allowing this traffic to the outside acl.  Let me know if you have
any issues.

Kevin

On Wed, Nov 12, 2008 at 4:52 AM, Vladislav Antolik <
vladislav.antolik () gmail com> wrote:

> Hello,
>
> I'm using Cisco PIX 515E with 8.0(3) image.
> I have 3 networks.
> IN 172.16.0.0/16
> IN2 <http://172.16.0.0/16IN2> 173.16.0.0/16
> OUT 174.16.0.0/16.
> VPN local pool is 10.0.0.0/28.
> I'm using remote access VPN to reach IN servers without problems(I
> used howto from Cisco pix conf. guide)
>
> I would like to reach IN2 servers too, but I don't know to setup NAT
> from vpn pool to this network(IN2).
> I this network (IN2) my VPN hosts(10.0.0.0/28) must be translated.
>
> I tried
> nat (OUT) 66 10.0.0.0 255.255.255.240
> global (IN2) 66 173.16.0.5
> but this doesn't work.
>
> Is any possibility to translate VPN pool?
>
> Many thanks
> Vladislav
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () listserv icsalabs com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards