NAT problem

Unanswered Question
Jul 5th, 2008

I have a PIX525 running 8.0(3) with 256MB RAM & running Restricted License.

When i use OUTSIDE Interface NAT the NATing works fine.

But when i user any other Global IP for NATing it's not working.

Pl. help.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
j.tandel Sun, 07/06/2008 - 02:43

Well it's configured preety simple.

There is a NAT statement for my private IP's

Nat(inside) 1

& global(outside) 1 interface

It works well on this.

But for the following config it's not working.

Nat(inside) 2

global(outside) 2

There's ACL for permitting from INSIDE to OUTSIDE.

permit ip any

permit ip any.

a.alekseev Sun, 07/06/2008 - 03:21

you should do "clear xlate local" "clear local-host"

after that.

Daniel Voicu Mon, 07/07/2008 - 03:06


Not sure what are you trying to achieve, but i a better setup will be:

Nat(inside) 1

Global(outside) 1 interface

Static (inside,outside) netmask

This will ensure will be NATed to while all the other 10.x.x.x addresses will be NATed to the outside interface IP.

Furthermore, now the can be accessed from the Internet if it is a servers and if your Access-list allows it.

Please rate if this helped.



j.tandel Mon, 07/07/2008 - 08:16

what I want is from certain subnet and from certain hosts I should be able to use a different global ip. This is for all outbound traffic only.

I even tried with (debug icmp trace) when I config diff global for nat the request comes on pix, it shows translating but no reply from the host located on the outside interface.

But when the outside interface is used for global i get a reply from the outside host.

Can u pl help.

wheeler930 Mon, 07/07/2008 - 12:48

I had a simular issue, it ended up being the default gateway of my client system not being setup properly. Check the default gateway of the client, it should be the outside ip address.


This Discussion