Basically all users sit on Lan called Bpoint_users. These users as they hit their interface go into a VPN. The only traffic which does not go in the VPN is a file server and a printer.
The traffic going thru the VPN works fine, they get to the whole internet etc. The file server can be accessed unencrypted.
My issue is that to access the printer, I need to PAT them behind the egress interface. So you can see in the below cryptomap entry that the traffic to 10.137.20.254 is not encrypted, that all works. The traffic goes out the egress interface as clear text. My problem is that it does not get PAT. I have the nat command along with the global. I have done the exact same thing on version 6.3.4 on other pix's and it works, I cannot figure out why on this it will not PAT it, it just sends it out as original source.
I would appreciate any feedback. I did wonder if once it hit the first default NAT entry that is would not go onto the next, but it does in 6.3.4. I cannot add a deny to the NAT 0 acl as it does not allow that.
In order to maximize security when you implement Cisco PIX Security Appliance version 7.0, it is important to understand how packets pass between higher security interfaces and lower security interfaces when you use the nat-control, nat, global, static, access-list and access-group commands. This document explains the differences between these commands and how to configure port redirection and the outside Network Address Translation (NAT) features in PIX software version 7.0, with the use of the command line interface or the Adaptive Security Device Manager (ASDM).
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...