I have a NAT pool of 4 addresses and I have one PAT address. All machines can successfully browse all sites on the internet, except one site. Some of the machines can successfully connect to one particular https site. Other machines cannot. The machines that can access this site are all machines that have statically mapped global addresses. The machines that cannot access this site are all machines that are attempting to connect to this site using either the NAT or PAT global pool.
All machines can connect to any other HTTPS site. So, I'm not sure if this has something to do with a particular version of SSL that requires that a client have a statically mapped address or not.
I tried making reverse DNS entries for all my NAT/PAT addresses. Still, I'm unable to connect. Why would the PIX be blocking access to this one particular address from NAT/PAT'ed machines on the inside? Machines with statically mapped IPs have no problem connecting to this site.
Please check your access list corresponding to the above-mentioned NAT/PAT. It might be only allowing a particular port/service. You need to give 'eq https' OR 'eq any' in your access list (of course, if your company security policy allows this).