Tuesday, July 23, 2013

Cisco PIX: How to allow HQ, coming in via the ISP network, to reach your LAN (branch) network.

The HQ is connected to the PIX site through the ISP's network. The HQ network is 10.22.x.x/yy, and on the basis of the PIX configuration in question it sits behind the "outside" interface of the PIX.
For hosts at HQ (subnet 10.22.x.x/yy) to reach the branch subnet 10.45.x.0/19 without address translation, you have to configure NAT 0 (NAT exemption, also called NONAT) between these two networks.

Essentially the configuration would look something like this

access-list INSIDE-NAT0 remark NAT0/NONAT for Branch to HQ traffic
access-list INSIDE-NAT0 permit ip 10.45.x.0 255.255.224.0 10.22.x.x y.y.y.y

nat (inside) 0 access-list INSIDE-NAT0

This exempts traffic between 10.22.x.x/yy and 10.45.x.0/19 from translation, so hosts on either side see each other's original IP addresses. Note that NAT exemption only removes the translation requirement: because HQ traffic arrives on the lower-security "outside" interface, it must also be permitted by the access-list applied inbound on that interface (access-group ... in interface outside), or the PIX will still drop it.


* If another branch network needs the same type of rule, simply add another line to the ACL/access-list created above, but use the other branch network as the source. Keep everything in the one access-list: a PIX accepts only one "nat (inside) 0 access-list" statement per interface, and entering a second one replaces the first.

access-list INSIDE-NAT0 permit ip 10.36.0.0 255.255.0.0 10.22.x.x y.y.y.y
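The complete configuration, as an added worked example that is not part of the original post or the Cisco Support Community thread: it fills in the elided HQ network as 10.22.0.0/16, names the inbound outside ACL OUTSIDE-IN and uses 203.0.113.1 as the ISP next hop; all three are assumptions for illustration. It also adds the pieces the NAT exemption alone does not provide: the inbound access-list on the outside interface and a route for the HQ network toward the ISP.

```cisco
! --- NAT exemption (NONAT) for branch-to-HQ traffic, both branches in one ACL ---
! 10.22.0.0/16 is an assumed value for the HQ network; the post only gives 10.22.x.x/yy
access-list INSIDE-NAT0 remark NAT0/NONAT for Branch to HQ traffic
access-list INSIDE-NAT0 permit ip 10.45.0.0 255.255.224.0 10.22.0.0 255.255.0.0
access-list INSIDE-NAT0 permit ip 10.36.0.0 255.255.0.0 10.22.0.0 255.255.0.0
! Only one nat 0 access-list per interface: add lines to INSIDE-NAT0, do not create a second one
nat (inside) 0 access-list INSIDE-NAT0

! --- Permit HQ in on the outside (lower security) interface ---
! Without this, exempted traffic initiated from HQ is still dropped by the interface ACL.
! Keep it to the HQ -> branch pairs; do not open "permit ip any any" on the outside.
access-list OUTSIDE-IN remark HQ to Branch networks
access-list OUTSIDE-IN permit ip 10.22.0.0 255.255.0.0 10.45.0.0 255.255.224.0
access-list OUTSIDE-IN permit ip 10.22.0.0 255.255.0.0 10.36.0.0 255.255.0.0
access-group OUTSIDE-IN in interface outside

! --- Route HQ via the ISP next hop on the outside interface ---
! 203.0.113.1 is an assumed next hop; omit if the default route already covers it
route outside 10.22.0.0 255.255.0.0 203.0.113.1 1
```

To verify, generate traffic from HQ and check that the OUTSIDE-IN entries accumulate hit counts (show access-list OUTSIDE-IN) and that no translation is created for the exempted flows (show xlate should show no entry for the HQ-to-branch sessions, while show nat lists the nat 0 exemption).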

I got this solution from the Cisco Support Community.

Monday, July 1, 2013