[c-nsp] PIX and NAT

Vladimir Sulinets beerer at gmail.com
Sun Oct 24 09:04:47 EDT 2004


Hello,

Is it possible to apply such a scheme on a PIX? On the outside interface
there are a few IPSec-tunneled clients (with a /24 delegated to everyone),
and they must communicate with each other. Under normal circumstances
it is impossible, but for this purpose I want to use a router on the inside
interface and pass traffic to it from the PIX by using NAT. What I mean:

If the destination of traffic received on the outside interface is
10.1.1.0/24, then rewrite it as 10.100.1.0/24, which is routed to the
router on the inside interface. The same is done for other networks
(10.1.2.0 -> 10.100.2.0, etc). The router returns this traffic to the inside
interface (through PBR, for example) and the PIX does reverse NAT:
10.100.1.0/24 -> 10.1.1.0/24, which is handled in the normal way.

The question: is it possible and, if it is, how can this be done?

Thank you.

-- 
Vladimir

