[c-nsp] pix static nat mapping rule through vpn
Alexandre Durand
alexandre.durand at thecloud.net
Thu Nov 23 11:42:02 EST 2006
Hi,
I ve configuration with my pix with a static nat rule which is working
fine. However this rule doesn t work trought the vpn tunnel.
Here is my config
access-list DEVPN extended permit ip host 1.1.1.32 255.255.255.224
10.5.45.0 255.255.255.0 (domain vpn encryption)
access-list indmz extended permit icmp any host 1.1.1.40
access-list indmz extended permit icmp 194.42.124.32 255.255.255.224 any
global (dmz) 2 1.1.1.40
static (inside,dmz) 1.1.1.40 2.2.2.2 netmask 255.255.255.255
access-group indmz in interface dmz
i can t ping 1.1.1.40 from 10.5.45.0/24 (through the vpn) but i can
talk without the vpn
%PIX-6-302020: Built ICMP connection for faddr x.x.x.x/62801 gaddr
1.1.1.40/0 laddr 2.2.2.2/0 (without vpn)
Teardown ICMP connection for faddr 10.5.45.134/60795 gaddr 1.1.1.40/0
laddr 1.1.1.40/0 (through VPN)
so why in the second line there is no translation from 1.1.1.40 to
2.2.2.2?
Regards,
Alex
--
Alexandre Durand
Edge Network Engineer
A: The Cloud Networks Ltd
54 Bartholomew Close
EC1A 7RY
M: 0770 291 1805
W: www.thecloud.net
More information about the cisco-nsp
mailing list