Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Security Context - NATing issues

Hi All,

I have configured two contexts on PIX, i.e. one for Admin and one for Client. I have configured two sub interfaces and assigned VLANs to use for inside networks whereas i have shared outside interface between two contexts.

Now i am confuse about the NATing part for this design.I am able to access the internet from admin context. However not able to telnet my ISP router from my network. I have assigned tow ip networks to the inside interface of the ISP rotuers i.e. 10.10.10.X and public ip range. Now if i telent on public ip it works where as if i telent on 10.10.10.X network it won't work. Also my radius is stop authenticating on the router. i am able to ping raidus server from the router.

Could you please help me to solve this issue.

Adm Ctx:

interface Inside_adm

nameif inside

security-level 100

ip address


interface outside_adm

nameif outside

security-level 0

ip address

same-security-traffic permit intra-interface

access-list outside_access_in extended permit ip any any

access-list outside_access_in extended permit icmp any any

access-list inside_access_in extended permit ip any any

i have not using NAT on PIX.

ISP router:

interface FastEthernet0/0

ip address secondary

ip address

ip nat inside

ip nat pool Test XXXX netmask

ip nat inside source list 1 pool Test overload

Ip rotue


Re: Security Context - NATing issues


so I'm noticing on your ISP router it is doing the natting right now for you. I'm assuming your not trying to do double nat out to the internet so you need to do a nat exemption on your PIX/ASA

can you confirm this little traffic drawing.

HOSTA10.126.1.X --> PIX> ISPRTR --> Internet

I also notice that your ip route on the isp router is pointed to 200 instead of 201.