Dave,

As correctly suggested by the group you would need to use *policy
based static NAT*. Keep in mind, NATing happens first and then will
hit the crypto map.So, define your crypto ACLs accordingly. Make sure
there is no conflicting NAT-0 statement for the crypto traffic as,
NAT-0 will take precedence over Static !

Thanks,
Aditya Govind Mukadam

On Fri, Sep 5, 2008 at 1:43 AM, Robby Cauwerts wrote:
> Hi,
>
> You can nat both source and destination at your site.
>
> Have a look at the following example:
> http://www.cisco.com/en/US/tech/tk58...800949f1.shtml
>
> Keep in mind that when using this setup you will need to publish the natted
> address on your Citrix servers (google for "Altaddr").
>
> Br.
> Robby
>
> On Tue, Aug 26, 2008 at 8:02 PM, Dave Arroyo wrote:
>>
>> I am not a PIX super user but know enough to get in trouble...
>> I have a PIX515 that has a site to site tunnel to a client location where
>> we will be accessing Citrix servers, they are using a 10.195.x.x network
>> that overlaps with other private ranges allready in use throughout our
>> network. I can not get routing to the 10.195 networks that are on the other
>> end of this tunnel from the rest of my network.
>> How do I create a/an psudo address(es) that will NAT to the 10.195 going
>> through the tunnel ? I am lost !!!!
>>
>> _______________________________________________
>> firewall-wizards mailing list
>> firewall-wizards@listserv.icsalabs.com
>> https://listserv.icsalabs.com/mailma...rewall-wizards

>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailma...rewall-wizards
>
>

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards