PIX to IOS router ipsec swith NAT issue

Unanswered Question
Feb 15th, 2007

I have what I am hoping someone has successfully accomplished before. In one state I have a PIX 501 firewall, and in another I have a 2801 and behind that is a 2611. The 2611 has a 10.x.x.x network and a 192.168.x.x network on it. The 10 network connects to the 2801 via f0/1, and the 192 interface connects to a third party firewall, a sonic I believe. In order to create the IPSEC tunnel I have a 1:1 nat translation on the F0/0 interface that maps a public IP to the private IP on the 2611. In this setup IPSEC works OK, but there is a monkey wrench thrown in here that has created a real snafu. Voip runs over this interface, which for the 10,x,x,x network is not a problem, but what is a problem is there are desktop appications, and access to the CCMuser pages from the 192.168 network and also two IP communicators on the 192.168 network. In order for them to work I need NAT on the 2611, by itself works fine, but when I enable nat on the 2801, breaks the voice for the IP communicators. I need some solution to this as I have run out of ideas.

When I look at the registration for the CIPC, I am seeing the public ip address that is mapped to the 10 address. How vcan I stop the ip of the 2611 from being transalated for the CIPC, if I can solve that I think I can have this all working.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
carenas123 Wed, 02/21/2007 - 13:28

This problem is due to the static translation change. This problem caould be solved by clearing the address translations with the comand " clear translarions.

tahequivoice Wed, 02/21/2007 - 13:48

I figured it out and got it working. It was mainly the PIX where the problem was at. Thanks anyway.

ssoberlik Wed, 02/21/2007 - 13:58

This problem is due to the static translation change. This problem caould be solved by clearing the address translations with the comand " clear translarions.

Actions

This Discussion