Hi
For Section 17 I am trying to enable outside NAT on the PIX to allow VLAN 6 to be able to communicate to CAT1 so that any traffic from VLAN 6 is translated to an address on VLAN 111. I have added the following to enable this: Nat (outside) 2 200.13.6.0 255.255.255.0 outside Global (inside) 2 172.16.111.6 I have also allowed ICMP through on the PIX to anywhere but receive the following debug message on the PIX when pinging from R6 inside interface: %PIX-3-305005: No translation group found for icmp src outside:200.13.6.6 dst inside:172.16.111.12 >From the previous steps in the section I have added the following: global (outside) 1 200.13.122.1-200.13.122.48 global (outside) 1 200.13.122.49 nat (inside) 1 172.16.111.0 255.255.255.0 static (inside,outside) 200.13.112.100 172.16.111.12 netmask 255.255.255.255 and it seems that these commands are causing the problems with the above outside nat command. Once I remove nat (inside) 1 172.16.111.0 255.255.255.0 and static (inside,outside) 200.13.112.100 172.16.111.12 netmask 255.255.255.255 I am able to ping from VLAN 6(R6 inside interface) to VLAN 111(CAT1) OK. The outside nat doesn't look achievable on two parts. Firstly, the static (inside,outside) that is configured and secondly the nat (inside) commands seem to confuse the outside nat. Is there a way around this or can outside NAT only be used when there isn't a static NAT or nat (inside) command already configured for an address that you are trying to communicate with. Thanks in advance David ********************************************************************** DISCLAIMER: This correspondence may contain information which is confidential or proprietary or both. Any dissemination, distribution, copying or use of this communication without prior permission of the addressee is strictly prohibited. If you are not the intended recipient you may not disclose, copy or use this information. If you have received this message in error, please contact the sender to discuss its return or destruction. The contents, comments and views contained or expressed within this correspondence do not necessarily reflect those of Redstone, its subsidiaries, affiliates, associates or sister companies and are not intended to create legal relations with the recipient. Redstone may monitor email traffic data and also the content of email for the purposes of security and staff training. If you would like to know more about Redstone, visit us on the web at www.redstone.co.uk or contact our Head Office on 0845-200-2200. Redstone Converged Solutions Limited Registered in England & Wales with Company Number: 3476733 Registered Office: 80 Great Eastern Street, London EC2A 3RS **********************************************************************
