06-04-2008 04:31 AM - edited 03-11-2019 05:55 AM
Morning,
Well, we tried. But we were unsuccessful. In the last steps of moving our data center, we moved our default route from our old PIX-525 (6.2.3) to the FWSM (4.0.1). So everything looked good. Those hitting the proxy were still working for surfing, but those things that do not use the proxy did not. Things like the mainframe FTP, those who bypass the proxy, etc. Seems they were not NATTING. The xlate table showed the inside 10.0.X.X network was going to the internet as 10.0.X.X. Our global NAT statement is: NAT (Inside) 1 0.0.0.0 0.0.0.0. Should work right??? Any ideas?
We backed out the change.
06-04-2008 04:48 AM
One thing could be - you probably missed the command: nat-control
With no nat-control, all traffic passes through the device un-natt'd!
Configure "nat-control" and test again?
The other thing that you have not posted up is the global (outside) 1 "x" or "y"
x = interface
y = a specific IP address
HTH.
06-04-2008 05:16 AM
We do have the global statements on the outside (we called it Internet).
We found the issue. The PAT command was wrong. It was global (Internet) 2 198.185.66.249. It should have been global (Internet) 1 198.185.66.249.
We figured it out when we saw 5 devices getting out on the NAT commands and then nothing more. Ran out of addresses.
It's always something simple...
Thanks.
Jim
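
A small offline check for the mismatch found in this thread, as an added example that is not part of the original posts: it pairs `nat` and `global` statements by NAT ID and reports any ID that appears on only one side. It parses only the basic `nat (if) id ...` and `global (if) id ...` forms, and the five-address pool in the sample is a constructed placeholder, since the thread does not show it.

```python
import re

# Constructed sample: the nat and PAT lines are quoted from the thread; the
# 5-address pool on ID 1 is an assumed placeholder (documentation range).
SAMPLE_CONFIG = """\
nat (Inside) 1 0.0.0.0 0.0.0.0
global (Internet) 1 192.0.2.10-192.0.2.14
global (Internet) 2 198.185.66.249
"""

# Matches "nat (ifname) <id> ..." and "global (ifname) <id> ...".
# "nat-control" and "no nat ..." lines do not match.
STMT_RE = re.compile(r"^\s*(nat|global)\s+\((\S+)\)\s+(\d+)\s+\S+", re.I)


def audit_nat_ids(config_text):
    """Return (finding, nat_id, line) tuples for IDs present on one side only."""
    seen = {"nat": {}, "global": {}}
    for line in config_text.splitlines():
        m = STMT_RE.match(line)
        if m:
            kind, nat_id = m.group(1).lower(), int(m.group(3))
            seen[kind].setdefault(nat_id, []).append(line.strip())

    findings = []
    for nat_id, lines in sorted(seen["nat"].items()):
        # nat 0 means "do not translate", so it needs no global statement.
        if nat_id != 0 and nat_id not in seen["global"]:
            findings += [("nat-without-global", nat_id, l) for l in lines]
    for nat_id, lines in sorted(seen["global"].items()):
        # A global whose ID no nat statement uses is never selected, so a
        # PAT overflow address placed there cannot back up the pool.
        if nat_id not in seen["nat"]:
            findings += [("global-without-nat", nat_id, l) for l in lines]
    return findings


if __name__ == "__main__":
    for finding in audit_nat_ids(SAMPLE_CONFIG):
        print(finding)
```

Run against the sample, the check flags the PAT line on ID 2, which matches the symptom described above: the pool on ID 1 is used up and nothing falls through to PAT.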