OK maybe this is a terminology misunderstanding on my part, but I have about
15 route statements in my PIX and use a pix->pix vpn using IPSec.
route <interface-name> <ip_address> <netmask> <gateway> <metric>
One of the VPNs set up here had something a little weird where we had to set
up statics for VPN to work but that's something I'll be working on solving
at a later time. Just for grins try setting up a static statement for one
of the workstations trying to get through and see if it stops using NAT.
You'll find the IPSec user guide on the Cisco website very useful for more
info on this.
Allen
----- Original Message -----
From: "Groupstudy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 16, 2001 2:38 AM
Subject: Re: PIX and NAT with VPN
> The PIX does not route. Period.
>
> ----- Original Message -----
> From: Kenneth <[EMAIL PROTECTED]>
> Newsgroups: groupstudy.cisco
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, February 15, 2001 6:35 PM
> Subject: Re: PIX and NAT with VPN
>
>
> > I'm totally foreign to PIX but I'm just wondering, maybe it's possible to
> > use policy-based routing on PIX?
> >
> > "Rick Holden" <[EMAIL PROTECTED]> wrote in message
> > news:002001c097b6$60c466a0$[EMAIL PROTECTED]...
> > > I have a PIX firewall that is being used for a VPN as well. The problem is
> > > all the inside addresses are being translated to public addresses even when
> > > the traffic is destined for the VPN tunnel. I tried the following commands
> > > but this seems to block all translations.
> > > (real IPs have been replaced for security)
> > >
> > > access-list nonat permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
> > > nat (inside) 0 access-list nonat
> > > global (outside) 1 172.16.10.1 net 255.255.255.255
> > >
> > > I also tried using DENY in the access list
> > > access-list nonat deny ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
> > > This didn't work either.
> > >
> > > How can I get the traffic destined for the Internet to be translated and
> > > the traffic destined for the VPN not be translated?
> > >
> > > _________________________________
> > > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > >
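A simplified model of the translation decision this thread is about, added here as an illustration; it is not code from any poster or from Cisco. It assumes the three posted lines were the whole NAT configuration and that non-exempt traffic needs a `nat (inside) <id>` rule paired with `global (outside) <id>`; the Internet host address and the `nat (inside) 1 0.0.0.0 0.0.0.0` line in the combined case are constructed for the example.

```python
from ipaddress import ip_address, ip_network

def acl_permits(acl, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, src_net, dst_net in acl:
        if ip_address(src) in ip_network(src_net) and ip_address(dst) in ip_network(dst_net):
            return action == "permit"
    return False

def translate(cfg, src, dst):
    """Return ('exempt', src), ('pat', global_ip) or ('drop', None) for inside->outside traffic."""
    # Step 1: nat 0 access-list. Only a *permit* match bypasses translation.
    if acl_permits(cfg.get("nat0_acl", []), src, dst):
        return ("exempt", src)
    # Step 2: a nat (inside) <id> rule must cover the source and pair with global (outside) <id>.
    for nat_id, net in cfg.get("nat", []):
        if ip_address(src) in ip_network(net) and nat_id in cfg.get("global", {}):
            return ("pat", cfg["global"][nat_id])
    # Step 3: no translation rule applies, so the packet is not forwarded.
    return ("drop", None)

VPN_ACE = ("192.168.2.0/24", "192.168.1.0/24")
# Constructed configs built from the sanitized addresses in the post.
POSTED = {"nat0_acl": [("permit", *VPN_ACE)], "global": {1: "172.16.10.1"}}
DENY_VARIANT = {"nat0_acl": [("deny", *VPN_ACE)], "global": {1: "172.16.10.1"}}
# Assumed addition: nat (inside) 1 0.0.0.0 0.0.0.0
COMBINED = {**POSTED, "nat": [(1, "0.0.0.0/0")]}

def decisions(cfg):
    """Decision for one VPN-bound and one Internet-bound packet from the same inside host."""
    vpn = translate(cfg, "192.168.2.10", "192.168.1.20")       # remote VPN subnet
    internet = translate(cfg, "192.168.2.10", "198.51.100.7")  # constructed Internet host
    return vpn[0], internet[0]

if __name__ == "__main__":
    for name, cfg in [("posted", POSTED), ("deny", DENY_VARIANT), ("combined", COMBINED)]:
        print(name, decisions(cfg))
```

In this model the `deny` variant exempts nothing, and only the combined configuration both exempts the VPN subnet and translates Internet-bound traffic.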