Firewall Wizards mailing list archives
Re: VPN NAT issue
From: "Kevin Horvath" <kevin.horvath () gmail com>
Date: Wed, 26 Nov 2008 09:35:21 -0500
you will need a static nat or nat exemption. You are trying to access from a low security interface to a higher one so put a translation in for the 173.16 net to the vpn pool either by static or nat0. For the static it would be IN2 int to OUT and for nat0 apply it to IN2 where the rules stipulate the src from IN2 net to the vpn local pool. Also apply the acl entries allowing this traffic to the outside acl. Let me know if you have any issues. Kevin On Wed, Nov 12, 2008 at 4:52 AM, Vladislav Antolik < vladislav.antolik () gmail com> wrote:
Hello, I'm using Cisco PIX 515E with 8.0(3) image. I have 3 networks. IN 172.16.0.0/16 IN2 <http://172.16.0.0/16IN2> 173.16.0.0/16 OUT 174.16.0.0/16. VPN local pool is 10.0.0.0/28. I'm using remote access VPN to reach IN servers without problems(I used howto from Cisco pix conf. guide) I would like to reach IN2 servers too, but I don't know to setup NAT from vpn pool to this network(IN2). I this network (IN2) my VPN hosts(10.0.0.0/28) must be translated. I tried nat (OUT) 66 10.0.0.0 255.255.255.240 global (IN2) 66 173.16.0.5 but this doesn't work. Is any possibility to translate VPN pool? Many thanks Vladislav _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- VPN NAT issue Vladislav Antolik (Nov 26)
- Re: VPN NAT issue Kevin Horvath (Nov 26)
- Re: VPN NAT issue Lord Sporkton (Nov 28)
- Re: VPN NAT issue Dave Love (Nov 26)
- Re: VPN NAT issue Lord Sporkton (Nov 26)
- Re: VPN NAT issue Kevin Horvath (Nov 26)