Does the router have the default gateway pointing to the PIX inside interface IP? If the traffic from the two remote networks is directed towards the PIX, and there is no access-list on the inside network blocking the two remote networks, there shouldn't be any issue with creation of the translation.
Assuming that the gateway of the remote router is the Corp. Router, and the gateway of the Corp. Router is the PIX inside interface, if hosts from NW1 & NW2 send an internet request, it should reach the PIX. Are there any logs/syslogs which show that traffic is reaching the PIX and translation is failing?
There aren't even any entries for "IP_ADDRESS accessed URL ..." but I know that the routing is working correctly because a host at the remote site can ping the inside interface of the pix and vice-versa. However, users in the remote networks cannot ping the Pix's DG (internet router) but all users on the corporate networks can.
There are three NAT statements on the firewall:
nat (inside) 1 0.0.0.0 0.0.0.0
nat (inside) 0 access-list ACL1
nat (dmz) 0 access-list ACL2
Additionally, users in the affected remote networks are able to access resources in the DMZ so NAT'ing is working there as expected.
I found the problem while double checking the access-lists.
Typically I don't set up "any" rules but I was pressed for time on this project and took the quick and easy way out and created a NoNat access-list entry for the two new networks with a destination of "any" instead of the specific network they need to get to through a VPN connection.
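
The misconfiguration described in the last post, as an added example that is not part of the original thread: a Python check that scans a PIX-style configuration for `nat 0 access-list` exemptions whose entries have a destination of `any`. The sample configuration and its addresses are constructed (only the ACL names and NAT statements follow the thread), and the parser assumes plain `any` / `host` / address-mask entries, not object-groups.

```python
import re

# Constructed sample config: addresses are made up; ACL names follow the thread.
SAMPLE_CONFIG = """\
access-list ACL1 permit ip 10.10.0.0 255.255.0.0 172.16.0.0 255.255.0.0
access-list ACL1 permit ip 10.20.1.0 255.255.255.0 any
access-list ACL1 permit ip 10.20.2.0 255.255.255.0 any
access-list ACL2 permit ip 192.168.50.0 255.255.255.0 10.10.0.0 255.255.0.0
nat (inside) 1 0.0.0.0 0.0.0.0
nat (inside) 0 access-list ACL1
nat (dmz) 0 access-list ACL2
"""

NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)")
ACE_RE = re.compile(r"^access-list (\S+) (?:extended )?permit \S+ (.+)$")


def take_address(tokens):
    """Consume one address spec ('any', 'host A' or 'A MASK'); return (spec, rest)."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return " ".join(tokens[:2]), tokens[2:]
    if tokens[:2] == ["0.0.0.0", "0.0.0.0"]:
        return "any", tokens[2:]
    return " ".join(tokens[:2]), tokens[2:]


def find_broad_nat_exemptions(config):
    """Return (interface, acl, source) for each NAT-exempt entry with destination any."""
    lines = [ln.strip() for ln in config.splitlines()]
    # Map each ACL bound to a 'nat (<if>) 0 access-list' statement to its interface.
    exempt = {m.group(2): m.group(1) for m in map(NAT0_RE.match, lines) if m}
    findings = []
    for m in filter(None, map(ACE_RE.match, lines)):
        acl, spec = m.group(1), m.group(2).split()
        if acl not in exempt:
            continue
        src, rest = take_address(spec)
        if not rest:  # malformed entry with no destination
            continue
        dst, _ = take_address(rest)
        if dst == "any":
            findings.append((exempt[acl], acl, src))
    return findings


if __name__ == "__main__":
    for iface, acl, src in find_broad_nat_exemptions(SAMPLE_CONFIG):
        print(f"nat ({iface}) 0 via {acl}: {src} -> any is exempt from translation")
```

Each finding is a source network that skips translation for every destination, which is why the remote networks in the thread never got a translation for internet traffic while the DMZ stayed reachable.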