We have a PIX static mappings for two blocks of IPs. The outside interface of the firewall is connected to a Cisco 2621 router. The router's Ethernet interface has the primary IP address in the same subnet as the PIX outside interface. We have also assigned a secondary IP address to the Interface in the other IP block (which has the static mapping on the PIX).
This set up was working well with PIX 6.2. We were able to access the hosts inside the PIX which have static mapping to both the IP blocks.
When we upgaded the PIX OS to 6.3.1, the static mapping for the second IP block not working. Only the static mapping for the IP block which is the same as the ouside Interface is working.
We are not having any static routes on the router pointing to the PIX outside interface for the second IP block. We only assigned a secondary IP address from this block for the router's Ethernet interface.
you did not mention if the addressing scheme in the second scenario has changed. If, by chance, you have configured any DHCP server, then I have something to tell you. In Pix 6.3, the default interface on which the DHCP works is not just "in". we need to
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...