Policy NAT for VPN traffic


  • Policy NAT for VPN traffic

    I have a Cisco PIX 515E. What I am trying to do is to NAT the traffic through a VPN. Here are some details.

    outside interface 66.109.XXX.XXX 255.255.XXX.XXX

    inside interface 10.20.XXX.XXX 255.255.XXX.XXX

    The other side of the VPN has a public ip of 12.108.xxx.xxx and a private ip address of 10.251.0.0/16

    What I need to do is to translate my inside IPs, which are 10.20.xxx.xxx, to 172.20.xxx.xxx

    This is where I am stuck. These are the commands I have used

    access-list new extended permit ip 172.20.0.0 255.255.0.0 10.251.0.0 255.255.0.0

    access-list policy-nat extended permit ip 10.20.0.0 255.255.0.0 10.251.0.0 255.255.0.0

    and at this command I get an error from the pix

    static (inside,outside) 172.20.0.0 access-list policy-nat

    this is the error I receive

    ERROR: mapped-address conflict with existing static
    inside:10.20.0.0 to outside:172.20.0.0 netmask 255.255.0.0

    I have the crypto maps configured but the above is where the problem lies.

    Any help would be appreciated. Thanks.

  • #2
    Re: Policy NAT for VPN traffic

    Normally you would do a L2L vpn tunnel where the traffic destined for the remote subnet is tunneled.

    In fact, the only traffic that isn't normally NAT-ed is the traffic destined for the tunnel.

    http://www.cisco.com/en/US/products/...8073e078.shtml
