Cisco Support Community
Problem with NAT + Global

Hello,

I have the following problem:

I use a PIX 525 (with PIX Firewall 6.1(2)) to protect two networks: one DMZ and one INSIDE network.

In the DMZ I do not use NAT. On the Inside I want to use NAT to access the DMZ and the Outside.

The parameters are:

DMZ: network xxx.xxx.xxx.0/24

INSIDE: network 10.0.0.0/24

Outside: network zzz.zzz.zzz.0/30 (connected to a router that gives access to the Internet).

My configuration for this is:

global (outside) 1 xxx.xxx.xxx.164

global (dmz) 1 xxx.xxx.xxx.163

nat (inside) 1 10.0.0.0 255.255.255.0 0 0

nat (dmz) 0 0.0.0.0 0.0.0.0 0 0

static (dmz,outside) xxx.xxx.xxx.0 xxx.xxx.xxx.0 netmask 255.255.255.0 0 0

By default, the traffic to 0.0.0.0/0 is sent to zzz.zzz.zzz.2/30 (the interface on the router that connects to the PIX).

With this I can access the Outside from the DMZ and the DMZ from the Inside, but I can't access the Outside from the Inside directly.

The PIX log gives me the following messages:

Feb 22 18:05:51 fw1-fe2 %PIX-3-305006: portmap translation creation failed for tcp src inside:10.0.0.253/1118 dst world:198.133.219.25/80

Can somebody help me?

Thanks,

Nuno.

1 REPLY
Re: Problem with NAT + Global

Hmm, it seems you are using public IP addresses from the same subnet (xxx.xxx.xxx.164 & 163) on different interfaces. Your PIX isn't able to route that.

Benoît
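
A small check for the address overlaps visible in the posted configuration, including the shared-subnet condition the reply points out. This is an added example, not part of the original thread. The redacted xxx.xxx.xxx.0/24 is replaced by the constructed range 192.0.2.0/24, `find_overlaps` and its finding labels are hypothetical names, and only single-address `global` lines are parsed.

```python
import ipaddress
import re

# Constructed sample: the posted configuration with the redacted
# xxx.xxx.xxx.0/24 replaced by the documentation range 192.0.2.0/24.
SAMPLE_CONFIG = """\
global (outside) 1 192.0.2.164
global (dmz) 1 192.0.2.163
nat (inside) 1 10.0.0.0 255.255.255.0 0 0
nat (dmz) 0 0.0.0.0 0.0.0.0 0 0
static (dmz,outside) 192.0.2.0 192.0.2.0 netmask 255.255.255.0 0 0
"""

GLOBAL_RE = re.compile(r"^global \((\w+)\) (\d+) (\d+\.\d+\.\d+\.\d+)\s*$")
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)")

def parse(config):
    """Return (globals, statics) from PIX 6.x style configuration text."""
    globals_, statics = [], []
    for line in config.splitlines():
        line = line.strip()
        if m := GLOBAL_RE.match(line):
            globals_.append((m[1], int(m[2]), ipaddress.ip_address(m[3])))
        elif m := STATIC_RE.match(line):
            # static (real_if,mapped_if) mapped_ip real_ip netmask mask
            net = ipaddress.ip_network(f"{m[3]}/{m[5]}", strict=False)
            statics.append((m[1], m[2], net))
    return globals_, statics

def find_overlaps(config, prefix=24):
    """Flag address overlaps between global and static statements."""
    globals_, statics = parse(config)
    findings = []
    # 1. A global address already covered by a static on the same interface.
    for iface, _nat_id, addr in globals_:
        for _real_if, mapped_if, net in statics:
            if iface == mapped_if and addr in net:
                findings.append(("global-in-static", iface, str(addr), str(net)))
    # 2. Globals on different interfaces drawn from the same subnet.
    for i, (if_a, _, a) in enumerate(globals_):
        net_a = ipaddress.ip_network(f"{a}/{prefix}", strict=False)
        for if_b, _, b in globals_[i + 1:]:
            if if_a != if_b and b in net_a:
                findings.append(("shared-subnet", f"{if_a},{if_b}", f"{a},{b}", str(net_a)))
    return findings
```

On the sample, `find_overlaps(SAMPLE_CONFIG)` reports both conditions: the outside global address lies inside the network mapped by the `static (dmz,outside)` line, and the two global addresses sit in one /24 on different interfaces.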
