Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Baffled: Static mapping works, NAT/PAT doesn't

I have a NAT pool of 4 address and I have one PAT address. All machines can successfully browse all sites on the internet, except one site. Some of the machines can successfully connect to one particular https site. Other machines cannot. The machines that can access this site are all machines that have statically mapped global addresses. The machines that cannot access this site are all machines that are attempting to connect to this site using either the NAT or PAT global pool.

All machines can connect to any other HTTPS site. So, I'm not sure if this has something to do with a particular version of SSL that requires that a client have a statically mapped address or not.

Any ideas would be appreciated,

Thanks,

-tamara

4 REPLIES
Cisco Employee

Re: Baffled: Static mapping works, NAT/PAT doesn't

Hi,

It looks to me a reverse DNS lookup issue. Make a reverse DNS entry in your DNS server for your PAT address. Here is a link for your reference.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094459.shtml

Thanks

Nadeem

New Member

Re: Baffled: Static mapping works, NAT/PAT doesn't

I tried making reverse DNS entries for all my NAT/PAT addresses. Still, I'm unable to connect. Why would the PIX be blocking access to this one particular address from NAT/PAT'ed machines on the inside? machines with statically mapped IP's have no problem connecting to this site.

Thanks,

-tamara

New Member

Re: Baffled: Static mapping works, NAT/PAT doesn't

Hi

Please check your access list corresponding to the above said NAT/PAT. It might be only allowing a particular port/service. You need to give 'eq https' OR 'eq any' in your access list (of course, if your company security policy allows this).

Try this, best of luck.

Anoop Kumar Narayanan, Network Administrator

NICBM Kuwait

New Member

Re: Baffled: Static mapping works, NAT/PAT doesn't

Hi

Hope you have tested the previous suggestion from me. Please let me know if it works or not.

Regards

Anoop K Narayanan

96
Views
0
Helpful
4
Replies