New Member

Can't get traffic out

Hi,

I just configured my PIX 515E with version 7.0(4) and am having problems getting traffic out on eth0 (if name outside). There are no problems between the different VLANs; all VLANs are configured on eth1. It is also possible to access services on VLAN 10 (DMZ) from outside. The only things I see in syslog are "Built Outbound" and "Teardown".

See my configuration in attached file.

Regards

Mikael

11 REPLIES
Red

Hi Mikael,

You are missing this statement:

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

and please remove this:

nat (inside) 0 0.0.0.0 0.0.0.0

It should work after this.

Hope that helps.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
New Member

Thanks, Varun, for the quick answer.

I'm sitting on VLAN 13 (client) and I'm still not able to "get out". Do I have to create a nat entry for all VLANs?

/Mikael

Red

Hi Mikael,

Yes that's right, you would need this:

nat (inside) 1 0 0

nat (wlan) 1 0 0

nat (client) 1 0 0

nat (server) 1 0 0

nat (dmz) 1 0 0

global (outside) 1 interface

Hope this helps.

Please do rate helpful posts.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
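
The rule discussed in the replies above (every source interface needs its own `nat` statement whose ID matches a `global` on the egress interface) can be checked mechanically before a change is pushed. This is an added example, not part of the thread or Cisco's tooling: the function name and the sample configurations are constructed for illustration, and it covers only outbound dynamic NAT, not `static` entries between VLANs.

```python
import re

# Matches "nat (ifc) id ..." and "global (ifc) id ..." statements (PIX 7.0 syntax).
RULE_RE = re.compile(r"^(nat|global) \((\w+)\) (\d+)\s")

def audit_outbound_nat(config, sources, egress="outside"):
    """Map each source interface to a finding about its path to `egress`."""
    nat_ids, global_ids = {}, set()
    for raw in config.splitlines():
        m = RULE_RE.match(raw.strip())
        if not m:
            continue
        kind, ifc, rule_id = m.group(1), m.group(2), int(m.group(3))
        if kind == "nat":
            nat_ids.setdefault(ifc, set()).add(rule_id)
        elif ifc == egress:
            global_ids.add(rule_id)
    findings = {}
    for ifc in sources:
        ids = nat_ids.get(ifc, set())
        if not ids:
            findings[ifc] = "no nat rule"
        elif ids == {0}:
            # nat 0 is identity NAT: addresses are not translated
            findings[ifc] = "nat 0 only, leaves untranslated"
        elif not (ids - {0}) & global_ids:
            findings[ifc] = "nat id without matching global"
        else:
            findings[ifc] = "ok"
    return findings

# Interface names as used in the thread.
VLANS = ["inside", "wlan", "client", "server", "dmz"]

# Constructed configs (the attached file is not on the page).
AFTER_FIRST_REPLY = """
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
"""
AFTER_SECOND_REPLY = """
nat (inside) 1 0 0
nat (wlan) 1 0 0
nat (client) 1 0 0
nat (server) 1 0 0
nat (dmz) 1 0 0
global (outside) 1 interface
"""

if __name__ == "__main__":
    for name, cfg in [("first", AFTER_FIRST_REPLY), ("second", AFTER_SECOND_REPLY)]:
        print(name, audit_outbound_nat(cfg, VLANS))
```
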
New Member

You are my hero, it works!

Regards Mikael

Red

My Pleasure

Varun

Thanks, Varun Rao Security Team, Cisco TAC
New Member

I was so lucky when I reached out that I forgot to test connecting to the other VLANs... and of course that is not working...

"No translation group found for tcp src client:192.168.13.102/51074 dst dmz:srv004/22"

/Mikael

Red

From which VLAN are you trying to connect to which VLANs?

Varun

Thanks, Varun Rao Security Team, Cisco TAC
New Member

From 13 (client) to 10 (DMZ). But I am also having problems in the other direction.

Red

For 13 to 10, add:

static (dmz,client) 192.168.10.0 192.168.10.0

Varun

Thanks, Varun Rao Security Team, Cisco TAC
New Member

Once again, thank you!

I will use this community more

Red

Hey, that's great

Varun

Thanks, Varun Rao Security Team, Cisco TAC