03-20-2004 12:07 AM - edited 03-02-2019 02:25 PM
Hi Gurus,
I have a network design,
ACS---PIX----PIX---NAS---Dial-in
When the user tries to dial in to the NAS router, the error message (attached) appears. The ACS has been configured with the NAT eth0/0 and hostname, and also the TACACS+ key from the NAS router. I could not find any reference for the error message on cisco.com. Please help, gurus.
Thanks in Advance.
HATO
03-21-2004 01:00 PM
In this situation, you should always use a static one-to-one IP address translation. Using PAT (overloaded NAT) instead of true NAT will cause you trouble.
From the info that was given, it is not clear how things are set up.
Regards,
Leo
03-22-2004 01:16 AM
Hi Leo,
Thanks for the reply. The network would be:
acs (net 172.16.1.12)---PIX(10.0.20.1/28)-----(10.0.20.32/28)PIX----NAS Router (Fa0/0 192.168.0.1)--Dial-in User.
NOTE:
--Between the PIXes there have to be 2 networks because they go through a service provider
--You're right, the Fa0/0 has been NAT-ed to 10.0.20.46.
--I can ping from the NAS router to the ACS server
--The ACS has been NAT-ed to 10.0.20.20
--The dial-in user, on a successful dial, would be given an IP in network 192.168.0.xxx, then NAT-ed to 10.0.20.xxx (but the dial-in has a problem, which is shown in the attachment)
--I have pointed to the NAT-ed ACS server on the NAS router as the TACACS+ server host
Thank you
HATO
03-24-2004 05:53 PM
Solved,
Thanks Leo, just found the solution. Actually, the session was blocked at PIX1 and PIX2.