Re: [fw-wiz] PIX515 Inside NAT to private addresses through P2PTunnel



Will you be having bi-directional traffic? If so, then you will need to do the reverse of this in the other direction. Outbound, you need to source NAT your 10.195.x.x (i.e. local network) addresses to, say, 10.2.2.x, so the remote network does not see the src as its own subnet, so they can traverse the tunnel. All your other subnets will not have to source NAT because they do not overlap. Although, you will then need to use another IP scheme to destination NAT to the 10.195.x.x on the other side, so all your local nodes on your network are talking to another subnet other than 10.195.x.x (i.e. remote network), but the PIX is translating it to a 10.195.x.x so the other side knows where to send the packet over the tunnel.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml


Chris Myers

John 1:17
For the Law was given through Moses; grace and truth were realized through Jesus Christ.  


   Go Vols!!!!

On Aug 26, 2008, at 1:02 PM, Dave Arroyo wrote:

I am not a PIX super user but know enough to get in trouble...
I have a PIX515 that has a site-to-site tunnel to a client location where we will be accessing Citrix servers. They are using a 10.195.x.x network that overlaps with other private ranges already in use throughout our network. I cannot get routing to the 10.195 networks that are on the other end of this tunnel from the rest of my network.
How do I create a/an pseudo address(es) that will NAT to the 10.195 going through the tunnel? I am lost!!!!

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
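
Added example (not part of the original thread and not PIX configuration): a small Python model of the two translations described in the reply, showing the addresses a packet carries on the inside, in the tunnel, and on the way back. The /24 masks, the 10.195.1.x hosts and the 10.3.3.0/24 alias are constructed assumptions; only 10.195.x.x and 10.2.2.x come from the thread.

```python
import ipaddress as ip

# Constructed addressing for illustration (assumptions, see lead-in).
OVERLAP = ip.ip_network("10.195.1.0/24")        # real subnet in use on BOTH sides
LOCAL_AS_REMOTE_SEES = ip.ip_network("10.2.2.0/24")   # local overlap hosts, seen from remote
REMOTE_AS_LOCAL_SEES = ip.ip_network("10.3.3.0/24")   # alias local hosts use for the remote

def remap(addr, from_net, to_net):
    """Static net-to-net NAT: swap the network prefix, keep the host bits."""
    a = ip.ip_address(addr)
    if a not in from_net:
        return str(a)                      # not covered by this rule, pass unchanged
    offset = int(a) - int(from_net.network_address)
    return str(to_net.network_address + offset)

def outbound(src, dst):
    """Inside -> tunnel: source NAT the local overlap, destination NAT the alias."""
    return (remap(src, OVERLAP, LOCAL_AS_REMOTE_SEES),
            remap(dst, REMOTE_AS_LOCAL_SEES, OVERLAP))

def inbound(src, dst):
    """Tunnel -> inside: the reverse pair of translations, applied to the reply."""
    return (remap(src, OVERLAP, REMOTE_AS_LOCAL_SEES),
            remap(dst, LOCAL_AS_REMOTE_SEES, OVERLAP))

def remote_can_reply(tunnel_src):
    """The remote side only routes a reply into the tunnel if the source it saw
    is NOT inside its own connected subnet."""
    return ip.ip_address(tunnel_src) not in OVERLAP

if __name__ == "__main__":
    # Local host in the overlapping range talks to the remote server via its alias.
    pkt = outbound("10.195.1.10", "10.3.3.20")
    print("in tunnel :", pkt, "reply routable:", remote_can_reply(pkt[0]))
    # The server answers the translated source; the firewall undoes both NATs.
    print("on inside :", inbound(pkt[1], pkt[0]))
    # A local subnet that does not overlap needs only the destination NAT.
    print("other net :", outbound("10.50.0.5", "10.3.3.20"))
    # Without source NAT the remote would treat the sender as on-link.
    print("no src NAT:", remote_can_reply("10.195.1.10"))
```
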
