07-22-2003 02:01 AM - edited 02-20-2020 10:52 PM
Dear CIscoer,
global (outside) 1 202.160.2.xxx
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
But when I try to connect to internet the PIX do not NAT the client IP address. But when I do a ping the PIX will NAT the client interface but still cannot touch the target host (I have create and apply an access list to permit ICMP). The software version is 6.2 (2). Is it bug?
Thanks In Advance
HATO
07-22-2003 02:17 AM
Hato -
Have tried to clear translations with cmd: clear xlate ??
Thanks -
07-22-2003 02:26 AM
Yes,
Have try to clear the transation. But still won't works. The PIX have 3 interface. It is ok right. I can ping from the PIX to the DNS. But not from the client side. The PIX will translate for the ICMP but with no return. When using the http the PIX not translate them.
BEst regards,
HATO
07-22-2003 03:03 AM
Hato -
Are we talking about DMZ problem or ICMP translation or even http translation problems ? can you please explain...
Thanks --
07-22-2003 02:25 AM
Hato,
Also, I presume you configured you NAT Like the following :
ip address outside 192.168.1.1 255.255.255.0
ip address inside 192.168.2.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.168.1.2 1
route inside 192.168.3.0 255.255.255.0 192.168.2.2 1
global (outside) 1 199.199.199.0 netmask 255.255.255.0
nat (inside) 1 0 0
After the config remember to save with cmd: wr m (write memory) and also issue a cmd: clear xlate
Hope this helps --
07-22-2003 03:08 AM
Thank you.
07-25-2003 01:25 AM
Hi Hato,
You should not use ICMP to test for translations, cause ICMP is not handled by the ASA. All other traffic is, so, testing with tcp or udp will work with your current setup. If you especially want to test with ICMP you have to set some rules oin your outside in access-list to let the ICMP response traffic in :-)
Kind Regards,
Leo
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide