We have a FWSM pair with 3.1(17) version. Policy NAT is configured (PAT) but it's not working, this is the config (Nat-Control is enabled)
access-list NAT-VOICE extended permit icmp object-group Cluster object-group Range-Voice
access-list NAT-VOICE extended permit tcp object-group Cluster object-group Range-Voice eq rsh
access-list NAT-VOICE extended permit ip object-group Cluster object-group Range-Voice
In the object-group called Cluster is the 212.145.x.x (located on si interface with security-level 10) and the object-group called Range-Voice the 212.30.x.x (located on interface outside with security level 0)
The NAT + Global commands are the next:
nat (si) 1 access-list NAT-VOICE
global (outside) 1 212.145.x.x
When I launch a telnet, ping o rsh or whateverfrom a server on Cluster object-group to another one on Range-Voice I've detected there is no NAT is taking place. In fact, on the destination server I could see the requests from the server with its real ip, not nat IP.
The show conn command shows me the connection between the real source IP and destination. The sh xlate doesn't show anything...
Thanks a lot,