Pix -- Wan DMZ -- Router --- ATM Cloud---Router -- Remote Net
The problem I have is that my remote net can ping the internet but cannot browse.
This suggested to me either a NAT issue or Access lists.
I have put a sniffer on the outside network and I can see translated pings and web traffic exiting the network and responses coming back from the internet server but they just don't seem to reach the host on the remote network.
Here are the line of the config relating to the WAN
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 WAN security40
access-list WAN_ACCESS_IN permit icmp any any
access-list WAN_ACCESS_IN permit ip any any
access-list NO_NAT_WAN permit ip object-group NO-NAT-LIST 192.168.1.0 255.255.255.0
ip address outside EXT-FW 255.255.255.240
ip address inside INT-FW 255.255.240.0
ip address WAN 172.16.16.250 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list NO_NAT_INSIDE
nat (inside) 1 172.16.0.0 255.255.240.0 0 0
nat (WAN) 0 access-list NO_NAT_WAN
nat (WAN) 1 172.16.16.0 255.255.255.0 0 0 - Wan DMZ,
nat (WAN) 1 172.16.21.0 255.255.255.0 0 0 - Remote NEt
nat (WAN) 1 172.16.22.0 255.255.255.0 0 0 - Remote Net
Routing is obviously not an issue if you can ping. Have you verifed DNS resolution by pinging a name instead of a number? Are there any access-list on the two routers? Also, try browsing and do a "show xlate" on the pix to verify the workstation's address appears correctly in the xlate table. If the issue still is not resolved post back the version of code you are running on the pix, it may be a bug.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...