[c-nsp] interesting problem with PIX, double NAT and routing
Sabri Berisha
sabri at cluecentral.net
Mon Feb 28 05:31:00 EST 2005
On Mon, Feb 28, 2005 at 11:21:01AM +0100, Aldo Valente wrote:

Hi,

> We have a setup with another Net which uses partially the same IP addresses.
>
> Should be no problem:
>
> nat (inside) 1 0 0
> global (outside) 1 our.outside.ip
> nat (outside) 2 0 0 outside
> global (inside) 2 our.inside.ip

This is a bit blurry, could you be more specific? :)

> So, we have
>
> route inside 0 0 inner.router
> and
> route outside 0 128.0.0.0 outer.router
> route outside 128.0.0.0 128.0.0.0 outer.router
>
> Basically the same as in the example, but our inner net
> is not connected.
>
> Guess what, it doesn't work. The Pix takes the more specific route. We
> tried the routing both ways.

That's normal behaviour I would say. That's why it is more specific :)

> Additionally we get weird errors when we try to remove the default route
> (0/0) and even crash the pix. It's 6.3(4).
>
> Some suggestions?

It's a bit unclear to me what you are trying to establish. You should
be able to remove a default route, however.

--
Sabri Berisha, SAB666-RIPE - I route, therefore you are
http://www.cluecentral.net - http://www.virt-ix.net