PDM and policy-nat

Unanswered Question
Mar 11th, 2008

Is there an update or work-around for the inability to configure a 6.3(x) PIX via PDM if policy-nat is configured also?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Phil Williamson Mon, 03/17/2008 - 11:32

Didya,

No those don't help. I you have policy-nat configured on the PIX (possilby for NAT before encryption due to overlapping IP space) then when you access via PDM you get a msg that since policy-nat is being used you can only use PDM for viewing/monitoring, but not to change the config.

Phil

JORGE RODRIGUEZ Mon, 03/17/2008 - 14:07

Phil, I know exactly what your problem is, I had this issue with a client running 6.3.2 when I was ready to open a TAC case to be sure if upgrading pix code to latest 6.x train and PDM to see if it would solve the issue client decided to leave it as is CLI only and wait for ASA upgrade. I do not know whether upgrading to 6.3(5) along with PDM upgrade would resolve the PDM not understanding Policy NAT commands, unfortunaly the workaround seems to be NOT Use PDM and give up gui, or if use PDM remove Policy NAT or upgrade to 7.x ..

Back then four months ago I chekced all bugs on 6.3.5 and PDM on this train and found nothing mentioning this issue.

What code are you running ? 6.3.5 and lates PDM code? if you are running 6.3.5 make sure you have teh latest PDM code on that train, if you do then bad news, I would recommend opening a TAC case.

Rgds

Jorge

Actions

This Discussion