- Bronze, 100 points or more
I am running out of IP Addresses on the outside interface and want to configure a secondary ip address range. I am using a few ip addresses for NAT translations from the outside interface, but wanted for the NAT pool to use the secondary ip address range from the outside interface instead of the primary ip address range. I have configured the outside interface with the secondary ip address range and changed the ip address range of the NAT pool to the secondary ip address range. I also configured the router to route the secondary ip address range, but did not work for me. Any suggestions would be greatly appreciated
It looks like your default gateway may be on the subnet with your primary ip address.
If this is the case then the replies probably have have no route back to your secondary ip address or your nat pool subnet.
another ip address in the same subnet as your secondary block needs to be added to the default gateway interface or the subnet mask needs to changed to range across both of your blocks.
If you already have a route from your isp to the secondary block then you can just remove the secondary ip address and nat through the primary ip address using the secondary pool.
stupid question maybe, but can you check if your PIX allows the translated range (220.127.116.11 18.104.22.168 prefix-length 26) through ? Are the translated addresses arriving at the PIX ?
By the way, NAT and HSRP do not work well together. The standby router does not have the NAT translation table, so when the cutover from the active to the standby router occurs, your connections will time out.