[c-nsp] VPN PIX 6.x Translation issue

Tom Sutherland tsuther at i3bus.com
Tue Feb 3 12:30:48 EST 2009


Have you tried "global (outside) 0 interface"?


-----Original Message-----
From: William <willay at gmail.com>
To: cisco-nsp at puck.nether.net <cisco-nsp at puck.nether.net>
Subject: [c-nsp] VPN PIX 6.x Translation issue
Date: Mon, 2 Feb 2009 10:57:05 -0500

Hi folks!

I currently have a PIX firewall running 6 code. The firewall has 3
interfaces: inside, outside and inside2.

At the moment I can VPN and communicate with all the hosts on the
inside. What I'd like to do is also be able to communicate with the
hosts on inside2. The security levels are:

outside: 0
inside: 100
inside2: 90

When I try to speak to inside2 hosts, I get the following error:

%PIX-3-305005: No translation group found for icmp src
outside:10.10.199.3 dst inside2:192.168.0.1 (type 8, code 0)

I'm very confused as to where I should be putting global/nat
statements... so far my setup consists of:


nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 10.10.200.0 255.255.255.0 0 0
nat (inside2) 0 access-list office_outbound_nat0_acl
nat (inside2) 1 192.168.0.0 255.255.255.0 0 0
global (outside) 1 interface

This lets both inside and inside2 hosts contact the internet via int
outside, and no nat stuff that needs to traverse VPN tunnels...

If anyone can assist/educate me on getting this working I would
appreciate it very much!

Cheers,

W
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
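
An added example, not part of the original posts: a Python check of whether the `nat 0` exemption ACL bound to the destination interface of a 305005 message has an entry matching the logged flow. The ACL entries and the /24 around the VPN client address are constructed, because the thread does not show the ACL contents; `nat0_covers` is a hypothetical helper name.

```python
import ipaddress
import re

# Syslog 305005 in the form quoted in the post; the config regexes cover only
# "nat (if) 0 access-list NAME" and "permit ip net mask net mask" entries.
LOG_RE = re.compile(
    r"%PIX-3-305005: No translation group found for \S+ "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)\S* "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)")
NAT0_RE = re.compile(r"^nat \((?P<ifc>[^)]+)\) 0 access-list (?P<acl>\S+)", re.M)
ACL_RE = re.compile(
    r"^access-list (?P<acl>\S+) permit ip "
    r"(?P<s>[\d.]+) (?P<sm>[\d.]+) (?P<d>[\d.]+) (?P<dm>[\d.]+)", re.M)

# The message as posted (wrapped over two lines by the mail client).
LOG = """%PIX-3-305005: No translation group found for icmp src
outside:10.10.199.3 dst inside2:192.168.0.1 (type 8, code 0)"""

# The nat line is from the post; the ACL entry is CONSTRUCTED and names a
# remote network other than the VPN client's.
CONFIG = """nat (inside2) 0 access-list office_outbound_nat0_acl
access-list office_outbound_nat0_acl permit ip 192.168.0.0 255.255.255.0 10.10.50.0 255.255.255.0
"""
# CONSTRUCTED entry; the /24 around the client address is an assumption.
EXTRA = ("access-list office_outbound_nat0_acl permit ip "
         "192.168.0.0 255.255.255.0 10.10.199.0 255.255.255.0\n")

def nat0_covers(config, log_line):
    """Return (acl_name, covered) for the flow named in a 305005 message."""
    m = LOG_RE.search(" ".join(log_line.split()))  # undo line wrapping
    if m is None:
        raise ValueError("not a 305005 message")
    local = ipaddress.ip_address(m["dst_ip"])    # logged destination (local host)
    remote = ipaddress.ip_address(m["src_ip"])   # logged source (VPN client)
    acl = next((n["acl"] for n in NAT0_RE.finditer(config)
                if n["ifc"] == m["dst_if"]), None)
    for e in ACL_RE.finditer(config):
        if e["acl"] != acl:
            continue
        # Exemption entries are written local network first, remote second.
        src = ipaddress.ip_network(f'{e["s"]}/{e["sm"]}', strict=False)
        dst = ipaddress.ip_network(f'{e["d"]}/{e["dm"]}', strict=False)
        if local in src and remote in dst:
            return acl, True
    return acl, False

if __name__ == "__main__":
    print(nat0_covers(CONFIG, LOG))          # no entry matches the client
    print(nat0_covers(CONFIG + EXTRA, LOG))  # an entry matches the flow
```
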


