Can't get traffic out

Mikael Sveden
Level 1

Hi,

I just configured my PIX 515E with version 7.0(4) and am having problems getting traffic out on eth0 (if name outside). There are no problems between different VLANs; all VLANs are configured on eth1. It is also possible to access services on VLAN 10 (DMZ) from outside. The only thing I see in syslog is "Built Outbound" and "Teardown".

See my configuration in attached file.

Regards

Mikael

11 Replies

varrao
Level 10

Hi Mikael,

You are missing this statement:

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

and please remove this:

nat (inside) 0 0.0.0.0 0.0.0.0

It should work after this.

Hope that helps.

Thanks,

Varun

Thanks,
Varun Rao

Thanks Varun for quick answer.

I'm sitting on VLAN 13 (client) and I'm still not able to "get out". Do I have to create a nat entry for all VLANs?

/Mikael

Hi Mikael,

Yes that's right, you would need this:

nat (inside) 1 0 0

nat (wlan) 1 0 0

nat (client) 1 0 0

nat (server) 1 0 0

nat (dmz) 1 0 0

global (outside) 1 interface

Hope this helps.

Please do rate helpful posts.

Thanks,

Varun

Thanks,
Varun Rao

You are my hero, it works!

Regards Mikael

My Pleasure

Varun

Thanks,
Varun Rao

I was so lucky when I reached out that I forgot to test connecting to the other VLANs... and of course that is not working...

"No translation group found for tcp src client:192.168.13.102/51074 dst dmz:srv004/22"

/Mikael

From which VLAN are you trying to connect to which VLANs?

Varun

Thanks,
Varun Rao

From 13 (client) to 10 (DMZ). But I am also having problems in the other direction.

for 13 to 10 add:

static (dmz,client) 192.168.10.0 192.168.10.0

Varun

Thanks,
Varun Rao

Once again, Thank you!

I will use this community more

Hey, that's great

Varun

Thanks,
Varun Rao
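
The checks worked through in this thread, as an added Python example that is not part of the thread or of any Cisco tool: for each "No translation group found" message it reports the source/destination interface pair when the configuration has neither a `static` between the two interfaces nor a `nat (src) N` / `global (dst) N` pair with the same nonzero N. The function names are hypothetical, the inputs are constructed from the statements quoted above, and the model is an assumption that ignores security levels, `nat 0` and address matching.

```python
import re

# Constructed sample input: the statements suggested in the thread, plus the
# syslog text quoted by the poster.
CONFIG_BEFORE = """\
nat (inside) 1 0 0
nat (wlan) 1 0 0
nat (client) 1 0 0
nat (server) 1 0 0
nat (dmz) 1 0 0
global (outside) 1 interface
"""
CONFIG_AFTER = CONFIG_BEFORE + "static (dmz,client) 192.168.10.0 192.168.10.0\n"
SYSLOG = ("No translation group found for tcp src client:192.168.13.102/51074 "
          "dst dmz:srv004/22\n")

RULE = re.compile(r"^(nat|global) \((\w+)\) (\d+) ", re.M)
STATIC = re.compile(r"^static \((\w+),(\w+)\) ", re.M)
DENIED = re.compile(r"No translation group found for \S+ src (\w+):\S+ dst (\w+):")


def parse_config(text):
    """Return (nat ids per interface, global ids per interface, static pairs)."""
    nat, glob = {}, {}
    for kind, ifc, pool in RULE.findall(text):
        if pool != "0":  # assumption: nat 0 (identity/exemption) is not modelled
            (nat if kind == "nat" else glob).setdefault(ifc, set()).add(pool)
    statics = {frozenset(pair) for pair in STATIC.findall(text)}
    return nat, glob, statics


def untranslated_pairs(config, syslog):
    """Interface pairs seen in the log that no rule in the config covers."""
    nat, glob, statics = parse_config(config)
    missing = set()
    for src, dst in DENIED.findall(syslog):
        # A dynamic translation needs the same pool id on both interfaces.
        dynamic = nat.get(src, set()) & glob.get(dst, set())
        if not dynamic and frozenset((src, dst)) not in statics:
            missing.add((src, dst))
    return sorted(missing)


if __name__ == "__main__":
    print("before static:", untranslated_pairs(CONFIG_BEFORE, SYSLOG))
    print("after static: ", untranslated_pairs(CONFIG_AFTER, SYSLOG))
```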