Above is a small "drawing" to try to illustrate my setup. Also above are what I think is the relevant PIX configs. The purpose of these 2 firewalls is to protect machines on the 192.168.1.x network from machines on the 10.x.x.x network and vice versa. Subnet masks for 192 machines is 255.255.255.0 and for the 10 network is 255.255.0.0.
Right now, I am able to connect to both machine A and machine B from machine C using the natted IP addresses. The problem I'm having, is that when I try to establish a connection from machine A to machine B I get a syslog error message from PIX 1 that reads "no translation group found for tcp src outside:192.168.1.11 dst inside:10.3.10.11"
I'm a little confused at this point. Do I need to add some sort of global command for the inside interfaces? and a nat for the outside? I will need both Machine A to be able to talk to machine B, and vice versa. Any help is greatly appreciated.
I think it will save you a lot of headache if you swop the security levels of each interface of both PIXs... i.e. swop the interface. Interface Outside faces the router of each side of the PIXs... then you can let machine A talk to machine B by typing static (inside,outside) which is the proper way of doing the static translation... also make sure your route statements are reaching the translated subnet (i.e. the outside subnet)...
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :