PIX 525 Static NAT

Unanswered Question
Apr 14th, 2007

I have a PIX 525 with a static NAT which is part of a VPN tunnel:

static (inside,outside) 10.91.6.2 access-list translation2

access-list dieboldtranslation2 permit ip host 10.11.150.1 host 10.79.15.3

The host on my end is trying to get out and I can see the attempt to build the TCP connection in the firewall, but the access-lists are never getting hit, never an attempt to translate from inside to outside to the 10.91.6.2 address:

302013: Built outbound TCP connection 74840423 for outside:10.79.15.3/5202 (10.79.15.3/5202) to inside:10.11.150.1/2492

I know the routing is correct, my inside host is a couple of hops away, but there is connectivity from it to my PIX.

Anyone have any ideas?

Also, is the direction correct on the log entry for the traffic, would that be a clue?

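Added example (not part of the original thread): a small parser for the 302013 "Built" record quoted in the question, reporting the direction field and whether each endpoint is logged with a mapped address that differs from its real one. The function names and the second sample line are constructed for illustration; the field layout assumed is interface:real/port followed by an optional (mapped/port).

```python
import re

# Syslog 302013 layout: Built <direction> TCP connection <id> for
#   <if>:<real>/<port> (<mapped>/<port>) to <if>:<real>/<port> [(<mapped>/<port>)]
ENDPOINT = r"(\w+):([\d.]+)/(\d+)(?: \(([\d.]+)/(\d+)\))?"
BUILT_RE = re.compile(r"302013: Built (inbound|outbound) TCP connection (\d+) for "
                      + ENDPOINT + " to " + ENDPOINT)

# Log line quoted in the question.
PAGE_LINE = ("302013: Built outbound TCP connection 74840423 for "
             "outside:10.79.15.3/5202 (10.79.15.3/5202) to inside:10.11.150.1/2492")
# Constructed line (assumption): the same record with the inside host mapped to 10.91.6.2.
CONSTRUCTED_LINE = ("302013: Built outbound TCP connection 1001 for "
                    "outside:10.79.15.3/5202 (10.79.15.3/5202) "
                    "to inside:10.11.150.1/2492 (10.91.6.2/2492)")

def _endpoint(iface, real, port, mapped, mapped_port):
    if mapped is None:
        xlate = "not logged"        # no parenthesised address in the record
    elif (mapped, mapped_port) == (real, port):
        xlate = "untranslated"      # mapped address equals real address
    else:
        xlate = "translated"
    return {"interface": iface, "real": real, "port": int(port),
            "mapped": mapped, "xlate": xlate}

def parse_built(line):
    """Return direction, connection id and both endpoints, or None."""
    m = BUILT_RE.search(line)
    if m is None:
        return None
    g = m.groups()
    return {"direction": g[0], "conn_id": int(g[1]),
            "endpoints": [_endpoint(*g[2:7]), _endpoint(*g[7:12])]}

def check_policy_nat(line, real_host, expected_mapped):
    """Say whether real_host shows up translated to expected_mapped."""
    rec = parse_built(line)
    for ep in (rec["endpoints"] if rec else []):
        if ep["real"] == real_host:
            if ep["mapped"] is None:
                return "mapped address not logged"
            return "applied" if ep["mapped"] == expected_mapped else "not applied"
    return "host not in record"

if __name__ == "__main__":
    for line in (PAGE_LINE, CONSTRUCTED_LINE):
        print(parse_built(line)["direction"], check_policy_nat(line, "10.11.150.1", "10.91.6.2"))
```

When the record carries no mapped address for the inside host, as in the line from the question, the log alone cannot confirm the translation and the xlate table (`show xlate`) is the place to check.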
bwilmoth Thu, 04/19/2007 - 11:38

The static command must not be included in the certified PIX Firewall. The static command enables particular instances of NAT.

Tshi M Thu, 04/19/2007 - 12:11

access-list NATME permit ip host inside_ip destination_ip or network

static (inside,outside) static_ip access-list NATME

Hope this helps.
