[c-nsp] FW: Static PAT problem

Gert Doering gert at greenie.muc.de
Wed Mar 23 03:19:15 EST 2005


Hi,

On Tue, Mar 22, 2005 at 08:51:54PM -0500, Andrew Herdman wrote:
> Yes, I have both;

Uh, the actual *interface* configuration would also be useful...

I've had a sort-of-similar situation at a customer site recently - the
ACL clearly permitted entry for a given source IP, but the IOS firewall
was confused and dropped the packets.  To sort out NAT, you might want
to disable ACL and IP inspect, make sure NAT is working, and then add 
the other two back to the interface, to see who is breaking things.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de


More information about the cisco-nsp mailing list