Currently i have a pix 515e serving three buildings. Recently i have had a problem where every 2 days it will just stop nating. If i reboot the pix everything is grand and works well. Its an unlimited license so i know thats not the issue.. I first thought possibly my ISP may have provided me with the wrong range of IPs so i narrowed my pool down and still have the same problem.
heres a snipit of my config regarding nat, and pool.
global (outside) 2 xxx.xxx.xxx.231-xxx.xxx.xxx.240
nat (inside) 2 xxx.xxx.xxx.0 255.255.255.0 0 0
Should I try simply nating to one single external IP?
I have come to the conclusion that NAT isnt working via ping. 2 machines beside each other, one not having internet and the other one does. The one which works ( and yes its going through the pix) can ping anything in the world. The one that doesnt can no ping even my ISPs router. I were say to ping a domain it doesnt even resolve the IP. (DNS external)
You will need to configure your global statement with one IP Address if you need more than the 10 IP's you have in the current global statement. When you use multiple IP's in the global statement it creates a NAT which does a one to one mapping of external to internal IP's. When the 10 external IP's are all mapped to an internal IP, the PIX will stop natting until a connection if released. Using one IP Address in the global statement creates a PAT which uses port mapping to create a one to many mapping from the single external IP Address to many internal IP Addresses.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...