Re: [fw-wiz] PIX515 Inside NAT to private addresses through P2PTunnel



Dave,

As correctly suggested by the group you would need to use *policy
based static NAT*. Keep in mind, NATing happens first and then will
hit the crypto map.So, define your crypto ACLs accordingly. Make sure
there is no conflicting NAT-0 statement for the crypto traffic as,
NAT-0 will take precedence over Static !

Thanks,
Aditya Govind Mukadam

On Fri, Sep 5, 2008 at 1:43 AM, Robby Cauwerts <robby@xxxxxxxxxxx> wrote:
Hi,

You can nat both source and destination at your site.

Have a look at the following example:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml

Keep in mind that when using this setup you will need to publish the natted
address on your Citrix servers (google for "Altaddr").

Br.
Robby

On Tue, Aug 26, 2008 at 8:02 PM, Dave Arroyo <dave.a@xxxxxxxxxx> wrote:

I am not a PIX super user but know enough to get in trouble...
I have a PIX515 that has a site to site tunnel to a client location where
we will be accessing Citrix servers, they are using a 10.195.x.x network
that overlaps with other private ranges allready in use throughout our
network. I can not get routing to the 10.195 networks that are on the other
end of this tunnel from the rest of my network.
How do I create a/an psudo address(es) that will NAT to the 10.195 going
through the tunnel ? I am lost !!!!

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: XP Home: selective folder sharing
    ... >same would hold for any wireless connection. ... Explaining bridges vs NAT is not easy. ... network are visible to all other components on each network. ... With a bridge (if Falcon-II is providing one), ...
    (microsoft.public.windowsxp.network_web)
  • Re: XP Home: selective folder sharing
    ... > Explaining bridges vs NAT is not easy. ... > network are visible to all other components on each network. ... > With a bridge (if Falcon-II is providing one), ... > For protection inside the NAT router, ...
    (microsoft.public.windowsxp.network_web)
  • Re: [9fans] Do we have a catalog of 9P servers?
    ... I believe state information and communication buffers are the biggest memory spending for network operations. ... There _could_ be a trade-off between the transient NAT with its processing power toll and the persistent /net-import with its memory cost. ... By contrast, on a large network /net-import strategy could make a "powerful" gateway unavoidable because every machine on the network will need a session with the gateway even if it only rarely communicates with the outside world, unless you implement an ... Or is it because Plan 9 has much less inertia because of a smaller user base? ...
    (comp.os.plan9)
  • Re: [9fans] Do we have a catalog of 9P servers?
    ... network layer data units, ergo, NAT again. ... The "packet ...
    (comp.os.plan9)
  • Re: AD/DNS with NAT
    ... his entire network is based on a private range. ... Datacenters host servers as Domain Controllers AD2003, DNS, Exchange ... every small offices to use NAT in order to keep the private IP range ...
    (microsoft.public.windows.server.networking)