I have something that I need your help clarifying. For the sake of testing outside NAT in PIX, I placed a host on the outside interface of my PIX FW and another one on the inside interface. Let's call the inside host (Host A: 172.16.1.178) and the outside host (Host B: 192.168.1.96).
I then applied:
NAT (inside) 0 0 0 and
NAT (outside) 0 0 0 outside
commands to have both subnets appear to each other with their original IP addresses. When pinging from Host B to Host A, no response is received and a syslog message 305005 appears (No translation group found for ICMP src outside: 192.168.1.96 dst inside: 172.16.1.178) ... However, when pinging from Host A to Host B with the original Host B IP, a response is received successfully. After doing that, confusingly, if I try again to ping from Host B to Host A, things work this time with no errors. (Note: ICMP is applied both ways).
When applying Clear XLATE, we start over! It looks like the PIX doesn't forward the request from Host B to Host A unless there's a previous session established from Host A through the PIX.
Does anybody have any explanation for what's happening? Is there anybody who went through something like this before?
Re: Low Security-Level Accessing High Security-Level
I'm also facing the same problem with FWSM Module in Cisco 6509 Switch.
The command you have given applies for a single host static translation "static (inside,outside) 172.16.1.178 172.16.1.178 netmask 255.255.255.255". I have a full network of 172.21.X.X using Nat 0. How do I give the static natting for the full network?