Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT won't works on PIX 515E

Dear CIscoer,

global (outside) 1 202.160.2.xxx

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

But when I try to connect to internet the PIX do not NAT the client IP address. But when I do a ping the PIX will NAT the client interface but still cannot touch the target host (I have create and apply an access list to permit ICMP). The software version is 6.2 (2). Is it bug?

Thanks In Advance

HATO

  • Other Security Subjects
6 REPLIES
Gold

Re: NAT won't works on PIX 515E

Hato -

Have tried to clear translations with cmd: clear xlate ??

Thanks -

New Member

Re: NAT won't works on PIX 515E

Yes,

Have try to clear the transation. But still won't works. The PIX have 3 interface. It is ok right. I can ping from the PIX to the DNS. But not from the client side. The PIX will translate for the ICMP but with no return. When using the http the PIX not translate them.

BEst regards,

HATO

Gold

Re: NAT won't works on PIX 515E

Hato -

Are we talking about DMZ problem or ICMP translation or even http translation problems ? can you please explain...

Thanks --

Gold

Re: NAT won't works on PIX 515E

Hato,

Also, I presume you configured you NAT Like the following :

ip address outside 192.168.1.1 255.255.255.0

ip address inside 192.168.2.1 255.255.255.0

route outside 0.0.0.0 0.0.0.0 192.168.1.2 1

route inside 192.168.3.0 255.255.255.0 192.168.2.2 1

global (outside) 1 199.199.199.0 netmask 255.255.255.0

nat (inside) 1 0 0

After the config remember to save with cmd: wr m (write memory) and also issue a cmd: clear xlate

Hope this helps --

New Member

Re: NAT won't works on PIX 515E

Thank you.

Silver

Re: NAT won't works on PIX 515E

Hi Hato,

You should not use ICMP to test for translations, cause ICMP is not handled by the ASA. All other traffic is, so, testing with tcp or udp will work with your current setup. If you especially want to test with ICMP you have to set some rules oin your outside in access-list to let the ICMP response traffic in :-)

Kind Regards,

Leo

104
Views
0
Helpful
6
Replies
This widget could not be displayed.