PIX 515 NAT for Inside Remote Network Problem?

Hi Everyone,

I have a PIX 515 with 2 interfaces, using INSIDE 192.168.1.0 Network and OUTSIDE 206.207.208.0 Network.

I currently have web servers mapped from the External IP to the Inside: 206.207.208.15 to the 192.168.1.15 Address. NAT Translation is working fine for the 192.168.1.0 network.

Now I have a WEBSERVER on a subnet 192.168.3.0, which I need to NAT from this PIX 515.

**************************************************************************************************

name 192.168.3.48 WEBSERVER48

access-list outside_access_in permit tcp any host 206.207.208.16 eq www

pdm location 192.168.3.48 255.255.255.255 inside

nat (inside) 1 192.168.3.48 255.255.255.255 0 0

static (inside,outside) 206.207.208.16 192.168.3.48 netmask 255.255.255.255 0 0

route inside 192.168.3.48 255.255.255.255 192.168.1.1 1

**************************************************************************************************

The above NAT pointing to the remote network is not working for this WEBSERVER48. I see there is a delay and after that the browser times out. I can ping from the PIX 515 (Inside IP 192.168.1.50) to the 192.168.3.48 via the 192.168.1.1 Default gateway.

The 192.168.3.0 Network is connected through the IPVPN (MPLS Network), with 10MB guaranteed bandwidth. There are no routing issues from 192.168.1.0 for reaching the 192.168.3.0 network.

Please advise options to troubleshoot this problem.

Thanks in advance.

Shan

1 ACCEPTED SOLUTION
Cisco Employee

Re: PIX 515 NAT for Inside Remote Network Problem?

Only thing I can think of is that the 192.168.3.x web server doesn't have a default route pointing back towards the inside interface of the PIX. It must have a route for the 192.168.1.x network cause you can ping it from the PIX itself, but traffic coming from the Internet is going to have a public IP source address, and so the web server will need a default route that gets that traffic back to the PIX. Check that.

Thanks, Glenn.
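
The return-path reasoning in the answer above, as an added example that is not part of the original thread: it walks longest-prefix-match routing tables hop by hop to show why a ping reply to 192.168.1.50 reaches the PIX while a reply to a public source address does not. It goes slightly beyond the answer by also requiring a default route on the router in front of the server. The 192.168.3.1 router address, every routing table and the client address 198.51.100.7 are constructed assumptions, not values from the thread.

```python
import ipaddress

PIX_INSIDE = "192.168.1.50"   # from the thread
SERVER = "192.168.3.48"       # from the thread
CLIENT = "198.51.100.7"       # constructed Internet client (documentation range)

def lookup(routes, dst):
    """Longest-prefix match: next hop for dst, or None when no route covers it."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in routes
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def reaches_pix(tables, start, dst, max_hops=8):
    """Follow the reply from `start` toward dst; True only if it arrives at the PIX inside IP."""
    node = start
    for _ in range(max_hops):
        nh = lookup(tables.get(node, []), dst)
        if nh is None:
            return False                  # no route here: the reply is dropped
        if nh == "connected":
            return dst == PIX_INSIDE      # delivered on-link to dst itself
        if nh == PIX_INSIDE:
            return True                   # handed to the PIX, which can untranslate it
        node = nh
    return False                          # routing loop

def with_default(tables, node, next_hop):
    """Copy of `tables` with a default route added on `node`."""
    out = {k: list(v) for k, v in tables.items()}
    out[node].append(("0.0.0.0/0", next_hop))
    return out

# Constructed tables matching the symptom: routes between the two inside
# subnets exist, but nothing on the 192.168.3.0 side covers public addresses.
BROKEN = {
    SERVER:        [("192.168.3.0/24", "connected"), ("192.168.1.0/24", "192.168.3.1")],
    "192.168.3.1": [("192.168.3.0/24", "connected"), ("192.168.1.0/24", "192.168.1.1")],
    "192.168.1.1": [("192.168.1.0/24", "connected"), ("192.168.3.0/24", "192.168.3.1"),
                    ("0.0.0.0/0", PIX_INSIDE)],
}
SERVER_ONLY = with_default(BROKEN, SERVER, "192.168.3.1")
FIXED = with_default(SERVER_ONLY, "192.168.3.1", "192.168.1.1")

if __name__ == "__main__":
    for name, t in (("broken", BROKEN), ("server only", SERVER_ONLY), ("fixed", FIXED)):
        print(name, "ping reply:", reaches_pix(t, SERVER, PIX_INSIDE),
              "web reply:", reaches_pix(t, SERVER, CLIENT))
```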

2 REPLIES
Re: PIX 515 NAT for Inside Remote Network Problem?

Hi Shan,

I have two questions:

Is the web server configured to listen on any specific subnets?

Are you able to browse it from your internal network?

Dileep
