[c-nsp] VPN PIX 6.x Translation issue

William willay at gmail.com
Mon Feb 2 10:57:05 EST 2009


Hi folks!

I currently have a PIX firewall running 6 code; the firewall has 3
interfaces: inside, outside and inside2.

At the moment I can VPN and communicate to all the hosts on the
inside. What I'd like to do is also be able to communicate with the
hosts on inside2. The security levels are:

outside: 0
inside: 100
inside2: 90

When I try to speak to inside2 hosts, I get the following error:

%PIX-3-305005: No translation group found for icmp src
outside:10.10.199.3 dst inside2:192.168.0.1 (type 8, code 0)

I'm very confused as to where I should be putting global/nat
statements... so far my setup consists of:


nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 10.10.200.0 255.255.255.0 0 0
nat (inside2) 0 access-list office_outbound_nat0_acl
nat (inside2) 1 192.168.0.0 255.255.255.0 0 0
global (outside) 1 interface

This lets both inside and inside2 hosts contact the internet via int
outside, and no nat stuff that needs to traverse VPN tunnels...

If anyone can assist/educate me on getting this working I would
appreciate it very much!

Cheers,

W
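
A check a reader could run against a saved config, as an added example that is not part of the original post: it reads the 305005 message and reports whether the `nat 0` access list bound to the destination interface has a permit entry covering that flow. The access-list entries and the 10.10.199.0/24 VPN range are constructed assumptions, since the post does not show them.

```python
import ipaddress
import re

# The 305005 message from the post, joined onto one line.
LOG = ("%PIX-3-305005: No translation group found for icmp src "
       "outside:10.10.199.3 dst inside2:192.168.0.1 (type 8, code 0)")

# The nat 0 lines are from the post. The access-list entries are constructed:
# the post does not show them, and the 10.10.199.0/24 VPN range is assumed.
CONFIG = """\
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside2) 0 access-list office_outbound_nat0_acl
access-list inside_outbound_nat0_acl permit ip 10.10.200.0 255.255.255.0 10.10.199.0 255.255.255.0
access-list office_outbound_nat0_acl permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.0.0
"""

LOG_RE = re.compile(r"%PIX-3-305005: .* src (\S+?):([\d.]+)(?:/\d+)? dst (\S+?):([\d.]+)")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)", re.M)
ACE_RE = re.compile(r"^access-list (\S+) permit ip ([\d.]+) ([\d.]+) ([\d.]+) ([\d.]+)", re.M)


def parse_305005(line):
    m = LOG_RE.search(line)
    if not m:
        raise ValueError("not a 305005 message")
    src_if, src, dst_if, dst = m.groups()
    return src_if, ipaddress.ip_address(src), dst_if, ipaddress.ip_address(dst)


def check_exemption(log_line, config):
    """Return (acl_name, covered) for the interface named as dst in the log."""
    _, remote, local_if, local = parse_305005(log_line)
    acls = dict(NAT0_RE.findall(config))  # interface -> nat 0 ACL name
    acl = acls.get(local_if)
    if acl is None:
        return None, False
    for name, s, sm, d, dm in ACE_RE.findall(config):
        local_net = ipaddress.ip_network(f"{s}/{sm}")
        remote_net = ipaddress.ip_network(f"{d}/{dm}")
        # The entry is written from the protected host's side: local -> VPN peer.
        if name == acl and local in local_net and remote in remote_net:
            return acl, True
    return acl, False


if __name__ == "__main__":
    acl, ok = check_exemption(LOG, CONFIG)
    print(f"nat 0 ACL on dst interface: {acl}; covers this flow: {ok}")
```

With the constructed entries above, the ACL bound to inside2 has no entry from 192.168.0.0/24 to the assumed VPN range, which is the condition under which a PIX logs 305005 for that flow.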

