Re: [fw-wiz] VPN NAT issue



you will need a static nat or nat exemption. You are trying to access from
a low security interface to a higher one so put a translation in for the
173.16 net to the vpn pool either by static or nat0. For the static it
would be IN2 int to OUT and for nat0 apply it to IN2 where the rules
stipulate the src from IN2 net to the vpn local pool. Also apply the acl
entries allowing this traffic to the outside acl. Let me know if you have
any issues.

Kevin

On Wed, Nov 12, 2008 at 4:52 AM, Vladislav Antolik <
vladislav.antolik@xxxxxxxxx> wrote:

Hello,

I'm using Cisco PIX 515E with 8.0(3) image.
I have 3 networks.
IN 172.16.0.0/16
IN2 <http://172.16.0.0/16IN2> 173.16.0.0/16
OUT 174.16.0.0/16.
VPN local pool is 10.0.0.0/28.
I'm using remote access VPN to reach IN servers without problems(I
used howto from Cisco pix conf. guide)

I would like to reach IN2 servers too, but I don't know to setup NAT
from vpn pool to this network(IN2).
I this network (IN2) my VPN hosts(10.0.0.0/28) must be translated.

I tried
nat (OUT) 66 10.0.0.0 255.255.255.240
global (IN2) 66 173.16.0.5
but this doesn't work.

Is any possibility to translate VPN pool?

Many thanks
Vladislav
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards