The PIX does not route. Period.
----- Original Message -----
From: Kenneth <[EMAIL PROTECTED]>
Newsgroups: groupstudy.cisco
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 15, 2001 6:35 PM
Subject: Re: PIX and NAT with VPN
> I'm totally foreign to PIX but I'm just wondering, maybe it's possible to
> use policy-based routing on PIX?
>
> "Rick Holden" <[EMAIL PROTECTED]> wrote in message
> news:002001c097b6$60c466a0$[EMAIL PROTECTED]...
> > I have a PIX firewall that is being used for a VPN as well. The problem is
> > all the inside addresses are being translated to public addresses even when
> > the traffic is destined for the VPN tunnel. I tried the following commands
> > but this seems to block all translations.
> > (real IPs have been replaced for security)
> >
> > access-list nonat permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
> > nat (inside) 0 access-list nonat
> > global (outside) 1 172.16.10.1 net 255.255.255.255
> >
> > I also tried using DENY in the access list
> > access-list nonat deny ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
> > This didn't work either.
> >
> > How can I get the traffic destined for the Internet to be translated and
> > the traffic destined for the VPN not be translated?
> >
> > _________________________________
> > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >