Firewall Wizards mailing list archives

Re: VPN NAT issue


From: "Dave Love" <dlove () verticalsystemsinc net>
Date: Wed, 26 Nov 2008 08:18:48 -0600

Those commands do not allow access. You need to use a static rule, then
provide an access list. They should be the same as the other ones with
different numbers, and also apply the access-list to the other interface
using a different name. For example, Access-list IN and Access-list IN2
are bound to the interface by Access-Group IN and Access-Group IN2.

I've attached a document that shows the rules. It's a little old but
still relevant.

I think this is what you are asking.


-----Original Message-----
From: firewall-wizards-bounces () listserv icsalabs com
[mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of
Vladislav Antolik
Sent: Wednesday, November 12, 2008 3:52 AM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] VPN NAT issue

Hello,

I'm using Cisco PIX 515E with 8.0(3) image.
I have 3 networks.
IN 172.16.0.0/16
IN2 173.16.0.0/16
OUT 174.16.0.0/16.
VPN local pool is 10.0.0.0/28.
I'm using remote access VPN to reach IN servers without problems (I
used the howto from the Cisco PIX conf. guide).

I would like to reach IN2 servers too, but I don't know how to set up NAT
from the VPN pool to this network (IN2).
In this network (IN2) my VPN hosts (10.0.0.0/28) must be translated.

I tried
nat (OUT) 66 10.0.0.0 255.255.255.240
global (IN2) 66 173.16.0.5
but this doesn't work.

Is there any possibility to translate the VPN pool?

Many thanks
Vladislav
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


Attachment: connectivity.pdf
Description: connectivity.pdf

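Added example (editor's note, not part of the thread or its attachment): a
PIX 8.0 (pre-8.3 nat/global syntax) configuration for the situation in the
question, using the interface names and address ranges Vladislav gives. The
pool is many addresses mapped to the single address 173.16.0.5, and the
traffic goes from the lower-security OUT interface to the higher-security
IN2 interface, so it is written here as dynamic outside NAT (the trailing
"outside" keyword) rather than a static; the per-interface access-list plus
access-group pairing is the pattern Dave describes. The names VPNPOOL,
NONAT, OUT-IN, SPLIT and VPN-GP, and the two hosts in the packet-tracer
check, are assumed.

```cisco
! Added example, not the thread's configuration. PIX 515E 8.0(3).
! Networks from the thread: OUT 174.16.0.0/16, IN 172.16.0.0/16,
! IN2 173.16.0.0/16, VPN pool 10.0.0.0/28. Object/ACL names are assumed.

! Pool handed to remote-access clients that terminate on OUT
ip local pool VPNPOOL 10.0.0.1-10.0.0.14 mask 255.255.255.240

! Existing path to IN: pool reaches IN untranslated (NAT exemption,
! as in the Cisco configuration guide the question refers to)
access-list NONAT extended permit ip 172.16.0.0 255.255.0.0 10.0.0.0 255.255.255.240
nat (IN) 0 access-list NONAT

! New path to IN2: decrypted client packets enter on OUT and leave on
! IN2, i.e. lower- to higher-security. A plain "nat (OUT) 66 ..." only
! matches traffic leaving toward a lower-security interface; the
! trailing "outside" keyword is what makes the rule apply in this
! direction and lets the global on IN2 be used. 173.16.0.5 must be a
! free address on IN2 (the PIX answers ARP for it).
nat (OUT) 66 10.0.0.0 255.255.255.240 outside
global (IN2) 66 173.16.0.5

! One ACL per interface, each bound with its own access-group, as the
! reply says. The OUT list must admit the pool toward IN2; this line is
! not needed if "sysopt connection permit-vpn" is set, which lets
! decrypted VPN traffic bypass the interface ACL.
access-list OUT-IN extended permit ip 10.0.0.0 255.255.255.240 173.16.0.0 255.255.0.0
access-group OUT-IN in interface OUT

! Split tunnelling: the client only sends IN2 traffic into the tunnel
! if IN2 is on the split list, so add it next to IN.
access-list SPLIT standard permit 172.16.0.0 255.255.0.0
access-list SPLIT standard permit 173.16.0.0 255.255.0.0
group-policy VPN-GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT

! Check: trace a decrypted client packet from the pool to an IN2 host.
! The NAT phase should pick rule 66, and after a real connection
! "show xlate" should list 10.0.0.x translated to 173.16.0.5 on IN2.
packet-tracer input OUT tcp 10.0.0.2 1025 173.16.0.10 80
show xlate
```

If the trace drops the packet in the NAT phase, the usual cause is the
missing "outside" keyword or a nat/global id mismatch; if it drops in the
ACL phase, the OUT interface list is missing the pool-to-IN2 line and
sysopt connection permit-vpn is not set.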
