[c-nsp] FWSM v2.3.3 NAT issue
Brett Looney
brett at looney.id.au
Wed Dec 28 01:08:45 EST 2005
Greets,
I've just upgraded a pair of 6509E's with FWSM in each from v2.2.1
(or similar - I forget) to v2.3.3. The config has not changed at all.
We've now got an issue where global NAT translations from the
"outside" interface to the "inside" interface are not working - that
is, packets are sent straight through without being NATted. Note that
we are doing a reverse NAT here, the config is like this:
global (INSIDE) 1 1.2.3.4
nat (OUTSIDE) 0 access-list NONAT-OUTSIDE outside
nat (OUTSIDE) 1 access-list NAT-OUTSIDE outside
Connections from the outside interface used to appear to come from
1.2.3.4 for hosts on the inside. Now they don't - they appear to come
from the originator's real IP address.
As I mentioned, this worked fine in the earlier version (we upgraded
to fix a heap of cross-chassis redundancy issues) but now it's broken.
Any ideas? I have raised a TAC case but I thought I'd ask the wizards here.
TIA.
B.
More information about the cisco-nsp
mailing list