Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX - Router issues

I am having issues with what should be a simple config. I am connecting to the internet with a Cisco 806 via PPPoE, this works fine. I have the E0 connected to the PIX via A crossover, I have the DSL modem connected to E1. From the router I can ping/telnet anywhere no worries. From the Inside of the router if I connect a PC, I can also connect to everywhere. However, I wish to publish a class C set of ip addresses, 203.x.y.1 thru 203.x.y.254 to servers behind the PIX. I can get connectivity from the PIX, and have opened all the appropriate ports on the PIX, however the servers behind the firewall fail to receive the replies from the internet. I can see them leaving the router, but they don't seem to NAT properly, in that it's almost as though the source address is dynamically allocated to the servers as they leave the router.

Litlle help.. I have the following nat pool

ip nat pool mypool 203.x.y.1 203.x.y.254 netmask 255.255.255.0

ip nat inside source list 1 pool mypool overload

ip route 0.0.0.0 0.0.0.0 dialer1 (default route for the DSL connection)

where am i going wrong.]

Is there a simple suggested router config for in front a PIX, as I have no connectivity problems from the router...

Cheers

3 REPLIES

Re: PIX - Router issues

The issue is that you cannot do NAT on a PPTP connection. There is no concept of ports in GRE, the protocol that is used on top of IP.

There might be a partial solution for this. Please check the PIX techtips on CCO or do a search on PPTP.

New Member

Re: PIX - Router issues

hi

I am not sure what is your configure on port about NAT.

If you configure "ip nat inside "on E1 and "ip nat outside " on E0 ,I guest you have make some mistake .

Configuring "ip nat pool mypool 203.x.y.1 203.x.y.254 netmask 255.255.255.0 " means dynatic NAT will be doing when outgoing packets come from E1.

So , you cann't using 203.x.y.z as a nat pool.

In my opinion, you can just configuring static NAT on Cisco 806 , or configuring static NAT on PIX and don't translating 203.x.y.0 on Cisco 806.

Regards,

Inted

New Member

Re: PIX - Router issues

What is in list 1? Remember that PIX will try to do a NAT also. Make sure you've configured NAT 0 on the PIX to disable NAT for the LAN or create a approproate NATing on teh PIX for servers.

JS

88
Views
0
Helpful
3
Replies