Verification request of config of PIX Catalyst logical interface
I have a need to use one interface on my PIX 525 (version 7.2(2)) as a logical interface so that I can use NAT to reference local non-routable DMZ IP addresses into OSPF-advertised IP addresses. I've connected PIX ethernet 4 into my Cisco 6500 switch slot 12 port 43. I've enabled trunking on 12/43 and 12/43 resides in my management domain (VLAN1). My relevant switch and FW config is below.
Issue: Not working: Host 172.31.76.100 attempts to RDP to NAT address 172.31.48.100 but fails. I would like to have confirmation that this config is correct from the community.
Port status is:
12/43 PIX-525-ETH4 connected trunk full 100 10/100/1000
Trunk config is:
clear trunk 12/43 2-239,241-1005,1025-4094
set trunk 12/43 on dot1q 1,240
Trunk status is:
12/43 on dot1q trunking 1
Firewall interface config is:
description Base interface for DMZ translations
no ip address
ip address 172.30.243.100 255.255.252.0
ACL config is:
access-list VLAN240 remark NAT control into VLAN240 from inside
access-list VLAN240 extended permit ip 172.31.76.0 255.255.255.0 host 172.31.48.100
access-list VLAN240_IN remark Regulate access from VLAN240 into inside