Re: [fw-wiz] firewall-wizards Digest, Vol 7, Issue 9
- From: Mikael Velschow-Rasmussen <mvr@xxxxxxxxx>
- Date: Sun, 12 Nov 2006 11:10:35 +0100
Hi Paolo !!
Have you tried e.g.:
access-list 100 extended permit ip 172.28.150.32/28 172.28.x.x/16
global (outside) 1 interface
static (inside,outside) 172.28.150.32/28 192.168.99.x/28
nat (inside) 1 0 0
crypto map <mapname> 10 match address 100
If you need to do the NAT dynamically i would try this:
access-list 100 extended permit ip 172.28.150.32/28 172.28.x.x/16
access-list 101 extended permit ip 192.168.99.x/24 172.28.x.x/16
nat (inside) 1 access-lists 101
nat (inside) 2 0 0
global (outside) 1 172.28.150.32/28
global (outside) 2 interface
crypto map <mapname> 10 match address 100
NB: just typed it on top of my head so maybe there's some syntax errors.
Regards
Mikael Velschow-Rasmussen
M.Sc.e.e., CCIE #9973, CCSI #22493,
INFOSEC, SANS GCFW #0565, HP MASE
mvr@xxxxxxxxx
That is what I thought of doing but I can't find any documentation on
how to do it. Can you please direct me to documentation that show's how
to NAT traffic going into a VPN?
TIA
Paolo
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- Prev by Date: Re: [fw-wiz] bypassing PIX limitation
- Next by Date: [fw-wiz] Mis-attribution - Re: How automate firewall tests
- Previous by thread: [fw-wiz] PC Firewall Evaluations
- Next by thread: [fw-wiz] Mis-attribution - Re: How automate firewall tests
- Index(es):
Relevant Pages
|
