Hi
> I'm building IPsec VPN using PIX 515 as hub a 1751 a spokes. I want to
> centralize all Internet access on PIX. I have 3 interfaces on the PIX -
> private network of HQ, DMZ and external. I thought I would configure the
> tunnels on PIX, the decrypted traffic would than be routed - when destined
> for Internet PAT translated. It seems it may not be possible to configure
> according to "Cisco Secure PIX Firewall FAQ" and question 'Can I operate
> the PIX in a "one armed" configuration?'.
>
> The error I get is "106011: Deny inbound (No xlate)
> icmp src outside:10.1.0.2 dst outside:aa.bb.cc.dd (type 8, code 0)".
do you have a 'nat' statement for that block?
'show [nat/xlate]'?
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:46 EDT