VPN Tunnel and NAT

[DrGreen26]

Ok, as familiar as I am with a pix firewall this is one item I am not..

I want to take my internal IP and nat it to another internal ip to go across a specific vpn tunnel only. Is this possible on a cisco PIX?

I was able to do this on a cisco vpn concentrator and it was pretty cool how easily it worked..

I already have all the basic configurations of the firewall..so I just need some advice on how to do this without interferring with other vpn tunnels that are setup that do not require the internal ip address to be nat'd.

Thanks



Mark C. Greenwood, CNE
m_jgreenwood@yahoo.com

With more than 10 years experience to share.

 

[aisdale]

You'll need to use "nat" instead of "static".

for example if your remote subnet (other side of VPN) is 10.10.1.0, and you want to nat an internal host to 10.10.2.100 when it goes across that tunnel:

global (outside) 5 10.10.2.100
nat(inside) 5 access-list 101

access-l 101 permit ip [inside host address] 10.10.1.0 255.255.255.0
access-l 101 deny ip any any

So what you are saying is that ONLY traffic from the hosts you specify, to the subnet you specify, will be nat'd.