PIX site to site VPN NAT question

When trying to set up a new site to site VPN on our Cisco PIX 506E
a basically copied the settings of the current vpn.

all the setting i copied and changed then added to the config worked except this one...

the origional settings were...

nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0 0

so i copied the first bit to represent the new access-list i had created.
and then added this...

nat (inside) 2 access-list inside_outbound_nat1_acl

it added without problem in the CLI but in the PDM it came up with this causing an error.

Can someone tell me whats wrong?

Who is Participating?
SorensonConnect With a Mentor Commented:
nat (inside) 0 specifies an access-list that skips that outbound NAT application.
The access-list tied to it should specify the VPN partners ip subnets, etc.  You will need to add the lines to the inside_outbound_nat0_acl, to specify your inside addresses and the new sites inside ip addresses.

specifying any other number after the nat (inside) matches it to a specific "global" command that sets the external nat address(s) to be used.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.