[c-nsp] pix static nat mapping rule through vpn
Alexandre Durand
alexandre.durand at thecloud.net
Thu Nov 23 11:44:55 EST 2006
Alexandre Durand wrote:
> Hi,
>
> I have a configuration on my pix with a static nat rule which is working
> fine. However, this rule doesn't work through the vpn tunnel.
> Here is my config
>
>
> access-list DEVPN extended permit ip host 1.1.1.32 255.255.255.224
> 10.5.45.0 255.255.255.0 (domain vpn encryption)
> access-list indmz extended permit icmp any host 1.1.1.40
> access-list indmz extended permit icmp 1.1.1.32 255.255.255.224 any
> global (dmz) 2 1.1.1.40
> static (inside,dmz) 1.1.1.40 2.2.2.2 netmask 255.255.255.255
> access-group indmz in interface dmz
>
>
> I can't ping 1.1.1.40 from 10.5.45.0/24 (through the vpn) but I can
> talk without the vpn
> %PIX-6-302020: Built ICMP connection for faddr x.x.x.x/62801 gaddr
> 1.1.1.40/0 laddr 2.2.2.2/0 (without vpn)
>
>
> Teardown ICMP connection for faddr 10.5.45.134/60795 gaddr 1.1.1.40/0
> laddr 1.1.1.40/0 (through VPN)
>
> So why, in the second line, is there no translation from 1.1.1.40 to
> 2.2.2.2?
>
> Regards,
>
> Alex
--
Alexandre Durand
Edge Network Engineer
A: The Cloud Networks Ltd
54 Bartholomew Close
EC1A 7RY
M: 0770 291 1805
W: www.thecloud.net