I don't have your config, HW version, etc., so this could be off, but it
sounds like you are on a PIX, 5.1x or later. Drop me a mail if you are
something else.
The issue you are running into is common and that is why on PIX IOS there is
a NAT 0 (don't NAT) command.
So, let's say you have access list 100 for your crypto list, you then do a
NAT 0 for the same list (i.e. do not NAT that which you intend to tunnel).
This would look like
nat (inside) 0 access-list 100
And that should solve your problem.
HTH,
Casey Fahey CCNP, MCSE
>From: "Vyacheslav Luschinsky"
>Reply-To: "Vyacheslav Luschinsky"
>To: [EMAIL PROTECTED]
>Subject: Re: IPSec question [7:10965]
>Date: Fri, 6 Jul 2001 02:12:24 -0400
>
>Thank you for your reply.
>The problem was solved but I have another:)
>I have some static NAT translations and when I try to connect or ping host
>trough IPSec tunnel using its privet address NAT occurs and packet is no
>longer can go through tunnel. Cisco site has the article about this but
>there is only configuration with no explanation how loopback can help and
>what that config does.
>http://www.cisco.com/warp/public/707/static.html
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=11187&t=10965
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
