My ISP currently supplies me two VLANs over ethernet, one tagged and one untagged. Until now, I've not used the tagged one.
On a PIX 515E, IOS 6.3, I have created a vlan interface mapped to ethernet0 and called it outsidetwo with security 1. ethernet0 has the role of outside with security 0.
I'm having problems with the NAT translations. I have set up a static translation between the new outsidetwo interface and my DMZ:
global (outside) 1 interface
global (DMZ) 1 interface
global (outsidetwo) 1 interface
static (DMZ,outsidetwo) W.X.Y.Z 192.168.50.100 netmask 255.255.255.255 0 0
However, I get the following error when sending traffic from 192.168.50.100:
No translation group found for udp src DMZ:192.168.50.100/32768 dst outside:SOTA_Secondary_DNS/53
The default route is specified as:
route outside 0.0.0.0 0.0.0.0 X.X.X.X 1
I suspect the error is caused because the PIX wants to route the outgoing traffic via the outside interface and as such cannot find a valid translation rule.
Is there any way I can specify two outside interfaces, so traffic listed as being NATted to outsidetwo will go out this VLAN interface and other traffic will go out outside (the untagged vlan interface)?
Any other way I can get this to work, with essentially two outside interfaces?