I have a problem with NAT on a PIX firewall. It is a problem with overlapping IP networks on the inside and outside network.
To solve that problem, I found out that the IOS router is able to do exactly the same thing as I want it to do.
I would like to solve the overlapping network problem on one NAT device.
I think the problem must be somewhere in the architecture by which packets are forwarded by the PIX.
I always get a "no route to destination" on the PIX, whereas on the IOS router it works!
Is there a difference in processing packets? I think on the PIX NAT is before routing, and on the IOS router NAT is the very last step before queueing the packet on the outbound interface. Is that correct? (Maybe the outbound ACL is behind NAT?!)
What I am really looking for is a document on the CCO where the processing architecture for the PIX firewall is shown.
I found out there is something like that for IOS Routers but I was not able to find it for PIX!
My understanding is that when the PIX says 'no route to destination', it may be due to missing 'route' commands. In PIX, you can configure two route statements, one for inside and one for outside. Basically these will be used as default routes for sending packets. PIX is not designed for routing packets and hence will not be intelligent enough to route packets without the 'route' commands.
Inside-to-outside translation occurs after routing and outside-to-inside translation occurs before routing.
Here is the page that shows NAT order of operation in a router: