Use a "static" to itself; it takes precedence over NAT.
Or you can use NAT 0 but you can only use it once.
"Rick Holden" <[EMAIL PROTECTED]> wrote in message
news:002001c097b6$60c466a0$[EMAIL PROTECTED]...
> I have a PIX firewall that is being used for a VPN as well. The problem is
> all the inside addresses are being translated to public addresses even when
> the traffic is destined for the VPN tunnel. I tried the following commands
> but this seems to block all translations.
> (real IPs have been replaced for security)
>
> access-list nonat permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
> nat (inside) 0 access-list nonat
> global (outside) 1 172.16.10.1 net 255.255.255.255
>
> I also tried using DENY in the access list
> access-list nonat deny ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
> This didn't work either.
>
> How can I get the traffic destined for the Internet to be translated and the
> traffic destined for the VPN not be translated?
>
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
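The NAT 0 option from the reply, written out as an added example (not part of the original thread), so that VPN-bound traffic is exempt from translation while everything else is still translated. It assumes PIX 6.x-style syntax, reuses the placeholder addresses from the quoted post, and assumes NAT id 1 is the dynamic translation for Internet traffic.

```cisco
: Added example; PIX 6.x-style syntax assumed. Addresses are the placeholders
: from the quoted post (192.168.2.0/24 inside, 192.168.1.0/24 across the tunnel).

: Traffic matching this ACL is exempt from translation.
access-list nonat permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

: As the reply notes, NAT 0 can be used only once, so any further remote
: VPN networks go in as additional permit lines in the same ACL.
nat (inside) 0 access-list nonat

: Assumption: NAT id 1 carries everything else to the Internet. The id here
: must match the id on the global statement.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 172.16.10.1 netmask 255.255.255.255

: Flush translations built under the old rules, then inspect the table.
clear xlate
show xlate
```

Keep the exemption ACL limited to the networks reached through the tunnel, so no other inside traffic leaves the outside interface untranslated.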