[c-nsp] PIX 6x translation issue

William willay at gmail.com
Mon Jan 12 10:12:53 EST 2009


Hi there chaps,

I have a PIX running 6x software with 3 interfaces:

outside - sec0 (public IP address)
inside - sec100 (10.1.1.253/24)
office - sec90 (10.75.4.253/24)


At the moment I have it configured so hosts on the inside interface
can access the internet (natted to interface ip on outside) and access
various networks over VPN (no nat). Hosts on the office network can
also access the internet (natted the same as inside).

What I'm trying to figure out is how I can get hosts on the office
network to access hosts on the inside network without their addresses
being translated. I've built an access-list and applied it to the
office interface which is straightforward and I've added the
following static:

static (office,inside) 10.75.4.0 10.75.4.0 netmask 255.255.255.0 0 0

However I'm not getting any connectivity, so I added:

access-list office_outbound_nat0_acl permit ip host 10.75.4.1 10.1.1.0 255.255.255.0
nat (office) 0 access-list office_outbound_nat0_acl

At the moment I'm not getting any hits on office_outbound_nat0_acl and
no traffic is getting across either, the logs say:

305005: No translation group found for icmp src office:10.75.4.1 dst inside:10.1.1.250 (type 8, code 0)

Which matches up with the traffic I'm sending! Can someone assist me
so I know what I'm doing wrong?

Thank you for your time.

W.
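
An added example, not part of the original post: a small Python check that applies the PIX 6.x rule that a connection from a lower-security interface to a higher-security one needs a static written as (higher,lower) that covers the destination address. The security levels, subnets, static and log line come from the post; the function names are hypothetical, and nat 0 exemptions are not evaluated.

```python
import ipaddress
import re

# Interface name -> (security level, subnet); values taken from the post.
INTERFACES = {
    "outside": (0, None),
    "inside": (100, ipaddress.ip_network("10.1.1.0/24")),
    "office": (90, ipaddress.ip_network("10.75.4.0/24")),
}
# The static and the syslog line as quoted in the post.
POSTED_CONFIG = "static (office,inside) 10.75.4.0 10.75.4.0 netmask 255.255.255.0 0 0"
LOG_LINE = ("305005: No translation group found for icmp src office:10.75.4.1 "
            "dst inside:10.1.1.250 (type 8, code 0)")

LOG_RE = re.compile(r"305005: No translation group found for (\S+) "
                    r"src (\w+):([\d.]+)(?:/\d+)? dst (\w+):([\d.]+)(?:/\d+)?")
# Syntax: static (real_if,mapped_if) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(r"static \((\w+),(\w+)\) ([\d.]+) ([\d.]+) netmask ([\d.]+)")

def parse_statics(config):
    """Return (real_if, mapped_if, mapped_network) for every static line."""
    statics = []
    for real_if, mapped_if, mapped, _real, mask in STATIC_RE.findall(config):
        statics.append((real_if, mapped_if, ipaddress.ip_network(f"{mapped}/{mask}")))
    return statics

def diagnose(log_line, config):
    """Explain a 305005 message: return (status, suggested static or hint)."""
    m = LOG_RE.search(log_line)
    if not m:
        raise ValueError("not a 305005 message")
    _proto, src_if, _src_ip, dst_if, dst_ip = m.groups()
    dst = ipaddress.ip_address(dst_ip)
    if INTERFACES[src_if][0] > INTERFACES[dst_if][0]:
        # Higher -> lower security: governed by nat/global, not checked here.
        return ("outbound", f"check nat ({src_if}) and global ({dst_if})")
    # Lower -> higher: the destination must be covered by static (dst_if,src_if).
    for real_if, mapped_if, mapped_net in parse_statics(config):
        if (real_if, mapped_if) == (dst_if, src_if) and dst in mapped_net:
            return ("covered", None)
    net = INTERFACES[dst_if][1]
    return ("missing", f"static ({dst_if},{src_if}) {net.network_address} "
                       f"{net.network_address} netmask {net.netmask}")

if __name__ == "__main__":
    print(diagnose(LOG_LINE, POSTED_CONFIG))
```

On the posted configuration it reports the translation as missing, because the existing static is written as (office,inside) and describes the office addresses rather than the inside destination.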

