We recently added a new network segment and are having problems NAT'ing the new segment on our PIX 525. When I view xlate I can tell that the new IPs are not translating. I've cleared the xlate and even changed the PIX config from allowing specific networks to NAT to allowing all networks to NAT using "nat (inside) 1 0.0.0.0 0.0.0.0 0 0" and it's still not working for the new segment. Our primary network doesn't have any problems at all.
To give you an idea of how the network is configured:
Primary network segment is 10.0.4.0/22
New network segment is 10.0.12.0/26
The primary network uses the inside IP of the PIX as a default gateway. The new network segment uses as its gateway a virtual interface IP address on our Catalyst switch. The L3 switch uses the inside IP of the PIX as its gateway. I've added a route on the PIX back to the switch and I can ping the inside of the PIX from the new network segment so I'm confident it's not a routing issue.
I will be happy to provide specific portions of our PIX configuration if requested but we have quite a few VPN tunnels configured and I was hesitant to post it right off the start.
Your nat (inside) 1 0.0.0.0 0.0.0.0 will translate all source IP addresses coming from the inside interface, if you do not have any nat (inside) 0 or static statements which may be taking precedence. The nat 0 and statics are checked first before the nat (inside) 1 occurs.
Please check your configuration for this, especially since you have several VPN tunnels.
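The check suggested in the reply above can be scripted. This is an added example, not part of the original thread: the function name, the ACL name `nonat` and the sample configuration are constructed for illustration, and the parser assumes PIX 6.x-style lines with full dotted addresses. It lists the nat 0 and static lines whose source overlaps a given segment; an ACL-based nat 0 line only exempts traffic to that line's destination.

```python
import ipaddress

# Constructed PIX 6.x-style excerpt for illustration; not the poster's configuration.
SAMPLE_CONFIG = """\
access-list nonat permit ip 10.0.4.0 255.255.252.0 192.168.50.0 255.255.255.0
access-list nonat permit ip 10.0.0.0 255.255.0.0 192.168.60.0 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 203.0.113.10 10.0.4.10 netmask 255.255.255.255 0 0
"""

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def acl_source(t):
    # t = tokens of "access-list NAME permit ip SRC ..."; SRC is any / host A / A MASK
    if t[4] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if t[4] == "host":
        return ipaddress.ip_network(f"{t[5]}/32")
    return net(t[4], t[5])

def rules_ahead_of_nat1(config, iface, segment):
    """Return nat 0 and static lines on iface whose source overlaps segment."""
    segment = ipaddress.ip_network(segment)
    acls, exempt, hits = {}, [], []
    for line in config.splitlines():
        t = line.split()
        if len(t) >= 6 and t[0] == "access-list" and t[2:4] == ["permit", "ip"]:
            acls.setdefault(t[1], []).append((acl_source(t), line))
        elif len(t) >= 5 and t[:3] == ["nat", f"({iface})", "0"]:
            if t[3] == "access-list":
                exempt.append(t[4])          # nat 0 by ACL: resolve after the loop
            elif net(t[3], t[4]).overlaps(segment):
                hits.append(line)            # identity NAT: nat (if) 0 NET MASK
        elif len(t) >= 4 and t[0] == "static" and t[1].startswith(f"({iface},"):
            local = t[5] if t[2] in ("tcp", "udp") else t[3]   # port vs. host static
            mask = t[t.index("netmask") + 1] if "netmask" in t else "255.255.255.255"
            if net(local, mask).overlaps(segment):
                hits.append(line)
    for name in exempt:
        hits += [line for src, line in acls.get(name, []) if src.overlaps(segment)]
    return hits

if __name__ == "__main__":
    for rule in rules_ahead_of_nat1(SAMPLE_CONFIG, "inside", "10.0.12.0/26"):
        print("checked before nat (inside) 1:", rule)
```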