I have a NAT of 10.10.1.10 that NATs to 10.20.1.10 (addresses are just for example).
My fw outside interface has an IP of 10.10.1.1 and my dmz interface has an IP of 10.20.1.1.
From my workstation at work I can ping 10.10.1.1 and from the PIX I can ping 10.20.1.10. I can ping my next hop out to the internet. However, when I turn on debug packet outside and issue a www request to 10.10.1.10, I do not see any packets. I am pretty sure it probably has to be my provider, but I am just wondering if there is anything else I can look at.
You mentioned your work workstation; where is that in the topology? Are you connecting to the PIX via the Internet over an IPSec/PPTP VPN tunnel? Is there an inside or other interface missing from the diagram? Let me know because if you are not using the Internet interface from your work workstation, then the debug will not show anything on the outside/Internet interface.
Are there access-lists configured and applied to the outside interface via the access-group command? Even with a static, for traffic to cross a lower to higher interface, an access-list needs to be applied to the lower interface.
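
The static plus access-list pairing described in the reply above, as an added example that is not part of the original thread. It assumes pre-8.3 PIX syntax, reuses the poster's example addresses and interface names, and uses a hypothetical ACL name `acl_out`.

```cisco
! Static translation: dmz host 10.20.1.10 appears on the outside as 10.10.1.10
static (dmz,outside) 10.10.1.10 10.20.1.10 netmask 255.255.255.255

! Permit only web traffic to the translated (outside) address.
! acl_out is a hypothetical name; everything not permitted is implicitly denied.
access-list acl_out permit tcp any host 10.10.1.10 eq www

! Bind the ACL to the lower-security interface, inbound
access-group acl_out in interface outside

! Flush stale translations after changing a static
clear xlate

! Checks: the static is present, the ACL hit counter increments when a
! request arrives, and a translation entry exists for the dmz host
show static
show access-list acl_out
show xlate
```

If the hit counter on `acl_out` stays at zero while requests are being sent, the packets are not reaching the outside interface at all, which points upstream of the firewall rather than at the ACL or static.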