I have a Cisco PIX 515E. What I am trying to do is to NAT the traffic through a VPN. Here are some details.
outside interface 66.109.XXX.XXX 255.255.XXX.XXX
inside interface 10.20.XXX.XXX 255.255.XXX.XXX
The other side of the VPN has a public IP of 12.108.xxx.xxx and a private IP address of 10.251.0.0/16
What I need to do is to translate my inside IPs, which are 10.20.xxx.xxx, to 172.20.xxx.xxx
This is where I am stuck. These are the commands I have used:
access-list new extended permit ip 172.20.0.0 255.255.0.0 10.251.0.0 255.255.0.0
access-list policy-nat extended permit ip 10.20.0.0 255.255.0.0 10.251.0.0 255.255.0.0
and at this command I get an error from the PIX:
static (inside,outside) 172.20.0.0 access-list policy-nat
This is the error I receive:
ERROR: mapped-address conflict with existing static
inside:10.20.0.0 to outside:172.20.0.0 netmask 255.255.0.0
I have the crypto maps configured but the above is where the problem lies.
Any help would be appreciated. Thanks.
Policy NAT for VPN traffic
Re: Policy NAT for VPN traffic
Normally you would do an L2L VPN tunnel where the traffic destined for the remote subnet is tunneled.
In fact, the only traffic that isn't normally NAT-ed is the traffic destined for the tunnel.
http://www.cisco.com/en/US/products/...8073e078.shtml