Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT only occuring in one direction

PIX running 6.3(4)

All,

I have tried to NAT out an internal IP using (ip's slightly changed):

static (inside,outside) 12.15.27.24 172.16.251.251 netmask 255.255.255.255 0 0

to allow access to a external PPTP server. When I run a debug icmp trace (after starting a ping to a external IP)I can see the packets are not being natted to the above rather the hider ip, yet when I ping the external IP I can see it does translate correctly. The external and internal IP in the NAT statement are not specified anywhere else in the config. The translation is show in a show xlate output:

Global 12.15.27.24 Local 172.16.251.251

The internal host which is behind a core switch is locally firewalled so does not allow icmp traffic not that I can see this impacting. Has anyone else come across this or any suggestions on why the NAT would only be occuring in one direction?

many thanks

  • Firewalling
2 REPLIES

Re: NAT only occuring in one direction

The static nat looks ok.

Do you have ACL on outside interface permitting ping/icmp to the 12.15.27.24?

Can you ping the IP from your internet router?

HTH

AK

Re: NAT only occuring in one direction

Hi .. the description of your issue seems to contradict .. can youb please elaborate a bit further ..?

Are you saying that when you try to ping the external device .. you can's see a translation ..?

Please be aware that to allow icmp trhought a firewall you need to enable icmp inspection .. on code 6.X fixup protocol icmp fixup protocol icmp-error

Also make sure icmp is allowed in both directions ..

I hope it helps .. please rate it if does !!!

161
Views
0
Helpful
2
Replies