Cisco Support Community

Source NAT from outside

PIX 560E 6.3(5)

I need to take inbound communications from a remote VPN site and have them come out of the inside interface of my PIX and appear to originate from that inside interface.

I have:

global (inside) 1 interface

nat (outside) 1 access-list acl_vpn outside

access-list acl_vpn permit ip host <host from the outside> <network it needs to access> <subnet of inside network>

sh xlate seems to be working as I get:

PAT Global <inside interface address>(17) Local <outside ip> ICMP id 147

I get no replies from the pinged box though. I can ping it directly from the PIX itself though.


Re: Source NAT from outside

Hi .. sometimes using pings is probably not the best way to test connectivity across a firewall, especially if you are using NAT and don't have ICMP inspection enabled. I suggest enabling ICMP error inspection using - fixup protocol icmp error - Also try using a different application, i.e. telnet, RDP or something like that.

I hope it helps .. please rate it if it does !!!