I need some expert help on this issue. We currently have a setup where our pix 515e v7.2 handles out outbound/inbound internet traffic in addition to controlling access to our client's network setup via a p2p T1. The T1 internally terminates on a router with the inside router interface plugged into the DMZ of our PIX.
In order for us to access our clients network they required us to get registerred IP addresses from our ISP and assign then to the network comming into thier EBP router. The registerd IP network on the DMZ is differerent from the IP network assigned to the outside interface of the PIX.
We have 126.96.36.199 as our outside address - we are using PAT from the inside network to nat and pass traffic to the internet
on the DMZ we have 10.10.10.1 assigned to the DMZ interface. We need to be able to use a global pool of 10.10.10.58-10.10.10.86
The problem we have is that we need to be able to use both the PAT for internet, and the Global pool for access to the client from the inside network of 172.16.10.0/24. When we put this in the config our internet access no longer works. if we remove the nat pool then internet does work. If we put statics nats all works. But we cannot use static nats in our production config.
Also, if there is a subnet guru around what mask could I use to specify a range of 29 addresses starting from 10.10.10.58-10.10.10.86.
I am continueing to research how to accomplish this, but any help the guru's on this forum can provide would be GREATLY appreciated!
thank you for the reply your solution fixed my issue. the problem I was having was being caused by the fact that I was using a different NAT ID for my global pool, and the inside network would only use one of the pools and not both. After looking at the example you posted it was noticed that you were using the same nat id for each nat entry, we tried that and it worked. Thanks!!!!!
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...