[c-nsp] pix static nat mapping rule through vpn

Alexandre Durand alexandre.durand at thecloud.net
Thu Nov 23 11:42:02 EST 2006


Hi,

I have a configuration on my PIX with a static NAT rule which is working
fine. However, this rule doesn't work through the VPN tunnel.
Here is my config:


access-list DEVPN extended permit ip host 1.1.1.32 255.255.255.224 10.5.45.0 255.255.255.0 (domain vpn encryption)
access-list indmz extended permit icmp any host 1.1.1.40
access-list indmz extended permit icmp 194.42.124.32 255.255.255.224 any
global (dmz) 2 1.1.1.40
static (inside,dmz) 1.1.1.40 2.2.2.2 netmask 255.255.255.255
access-group indmz in interface dmz


I can't ping 1.1.1.40 from 10.5.45.0/24 (through the VPN), but I can
talk without the VPN:
%PIX-6-302020: Built ICMP connection for faddr x.x.x.x/62801 gaddr 1.1.1.40/0 laddr 2.2.2.2/0  (without vpn)


Teardown ICMP connection for faddr 10.5.45.134/60795 gaddr 1.1.1.40/0 laddr 1.1.1.40/0 (through VPN)

So why is there no translation from 1.1.1.40 to 2.2.2.2 in the second
line?

Regards,

Alex

 




-- 
Alexandre Durand
Edge Network Engineer
A:	The Cloud Networks Ltd
	54 Bartholomew Close
	EC1A 7RY
M:	0770 291 1805
W:	www.thecloud.net 
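
Added example, not part of the original message: a small Python check that parses the two ICMP connection log lines quoted above and flags flows where gaddr equals laddr, i.e. where the static translation was not applied. The field layout is assumed from the quoted lines only, and the function names are hypothetical.

```python
import re

# Constructed sample input: the two syslog lines quoted in the post, unwrapped.
# The first faddr is masked as x.x.x.x in the post and is kept that way here.
SAMPLE_LOG = """\
%PIX-6-302020: Built ICMP connection for faddr x.x.x.x/62801 gaddr 1.1.1.40/0 laddr 2.2.2.2/0
Teardown ICMP connection for faddr 10.5.45.134/60795 gaddr 1.1.1.40/0 laddr 1.1.1.40/0
"""

# Assumed layout (from the quoted lines): faddr, gaddr, laddr, each "address/id".
CONN_RE = re.compile(
    r"(?P<event>Built|Teardown) ICMP connection for "
    r"faddr (?P<faddr>[^\s/]+)/(?P<fid>\d+)\s+"
    r"gaddr (?P<gaddr>[^\s/]+)/(?P<gid>\d+)\s+"
    r"laddr (?P<laddr>[^\s/]+)/(?P<lid>\d+)"
)


def parse_icmp_connections(text):
    """Return one dict per ICMP Built/Teardown line found in text."""
    records = []
    for line in text.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue  # not an ICMP connection message
        rec = m.groupdict()
        # gaddr == laddr means the global address was not rewritten.
        rec["translated"] = rec["gaddr"] != rec["laddr"]
        records.append(rec)
    return records


def untranslated_flows(text, global_addr):
    """Flows addressed to global_addr whose local address was left as-is."""
    return [r for r in parse_icmp_connections(text)
            if r["gaddr"] == global_addr and not r["translated"]]


if __name__ == "__main__":
    for r in parse_icmp_connections(SAMPLE_LOG):
        state = "translated" if r["translated"] else "NOT translated"
        print(f'{r["event"]:8} faddr={r["faddr"]:13} '
              f'{r["gaddr"]} -> {r["laddr"]}  {state}')
```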



