Hi Paolo !!
Have you tried e.g.:
access-list 100 extended permit ip 172.28.150.32/28 172.28.x.x/16
global (outside) 1 interface
static (inside,outside) 172.28.150.32/28 192.168.99.x/28
nat (inside) 1 0 0
crypto map <mapname> 10 match address 100
If you need to do the NAT dynamically i would try this:
access-list 100 extended permit ip 172.28.150.32/28 172.28.x.x/16
access-list 101 extended permit ip 192.168.99.x/24 172.28.x.x/16
nat (inside) 1 access-lists 101
nat (inside) 2 0 0
global (outside) 1 172.28.150.32/28
global (outside) 2 interface
crypto map <mapname> 10 match address 100
NB: just typed it on top of my head so maybe there's some syntax errors.
Regards
Mikael Velschow-Rasmussen
M.Sc.e.e., CCIE #9973, CCSI #22493,
INFOSEC, SANS GCFW #0565, HP MASE
mvr@nworks.dk
That is what I thought of doing but I can't find any documentation on
how to do it. Can you please direct me to documentation that show's how
to NAT traffic going into a VPN?
TIA
Paolo
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
|