[nsp] NAT and VPN

Alan Andrews alan at tieless.com
Fri Nov 21 16:40:53 EST 2003

I did something similar to this where I had an IPSEC VPN between a Cisco
3600 and a Linux host with freeswan.  The router also had to do NAT.

You can see my configs at

It doesn't involve a PIX, but it's still a similar situation on the NAT
router side.  Might help.


On Fri, 2003-11-21 at 15:12, Krzysztof Adamski wrote:
> I need to join two networks, and I need to NAT some hosts.
> The network looks like this:
> HostA ---- Router A1 ---- Router A2 ---- Router A3 --- Internet
> Internet --- PIX B --- net B
> Currently Host A is and needs to be visible as to
> net B network.
> Router A3 has a single static IP for connecting to the Internet. This is
> where the VPN to the PIX B is going be setup. I would prefer to do the NAT
> on A3.
> net B is /26
> Nothing else is to go though the VPN.
> The connection between net B and HostA has to be bidirectional, there are
> 4 more machines like HostA, each is to have a uniq IP.
> How should the NAT be setup, and how this will interact with the VPN?
> K
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list