[c-nsp] interesting problem with PIX, double NAT and routing
Aldo Valente
aldo.valente at gmx.de
Mon Feb 28 05:21:01 EST 2005
We have a setup with another net which partially uses the same IP addresses.
Should be no problem:
nat (inside) 1 0 0
global (outside) 1 our.outside.ip
nat (outside) 2 0 0 outside
global (inside) 2 our.inside.ip
This works; what remains is the routing problem. The docs
have a similar example. There it is written that you cannot
have the same routing entry for inside and outside, and in
that example 10.0.0.0/24 is connected inside and you have
to "route outside 10.0.0.0 255.255.255.128 outer.router" and
"route outside 10.0.0.128 255.255.255.128 outer.router"
So, we have
route inside 0 0 inner.router
and
route outside 0 128.0.0.0 outer.router
route outside 128.0.0.0 128.0.0.0 outer.router
Basically the same as in the example, but our inner net
is not connected.
Guess what, it doesn't work. The PIX takes the more specific route. We
tried the routing both ways.
Additionally we get weird errors when we try to remove the default route
(0/0) and even crash the PIX. It's 6.3(4).
Any suggestions?
Thanks,
Aldo
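The behaviour reported in the post ("takes the more specific route"), modelled as plain longest-prefix match over the three posted route statements. This is an added example, not part of the original message and not PIX code: the helper names and the sample destinations are constructed, and it assumes route selection is decided purely by prefix length.

```python
import ipaddress

# Route statements exactly as posted (router names are the post's placeholders).
CONFIG = """\
route inside 0 0 inner.router
route outside 0 128.0.0.0 outer.router
route outside 128.0.0.0 128.0.0.0 outer.router
"""

def parse_routes(config):
    """Parse 'route <if> <net> <mask> <gateway>' lines into (iface, network, gateway)."""
    routes = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "route":
            # PIX accepts "0" as shorthand for 0.0.0.0 in the address and mask fields.
            net, mask = ("0.0.0.0" if f == "0" else f for f in parts[2:4])
            routes.append((parts[1], ipaddress.ip_network(f"{net}/{mask}"), parts[4]))
    return routes

def lookup(routes, destination):
    """Longest-prefix match: the most specific route containing the address, or None."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[1]]
    return max(matches, key=lambda r: r[1].prefixlen, default=None)

def unreachable_routes(routes):
    """Routes whose whole address range is covered by more specific routes."""
    shadowed = []
    for route in routes:
        remaining = [route[1]]
        for other in (r[1] for r in routes if r[1].prefixlen > route[1].prefixlen):
            uncovered = []
            for net in remaining:
                if net.subnet_of(other):
                    continue  # fully covered by the more specific route
                if other.subnet_of(net):
                    uncovered.extend(net.address_exclude(other))
                else:
                    uncovered.append(net)
            remaining = uncovered
        if not remaining:
            shadowed.append(route)
    return shadowed

if __name__ == "__main__":
    table = parse_routes(CONFIG)
    print(lookup(table, "10.1.2.3"))  # constructed sample destination
    print("never selected:", unreachable_routes(table))
```

Under this model the two /1 routes together cover the whole address space, so every destination resolves to outer.router and the inside 0/0 route is reported as never selected.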