Does anyone have any advice for the below?

 

Thanks

 

________________________________

From: Bowley, David 
Sent: 12 January 2008 16:48
To: '[email protected]'
Subject: section 17 2.3

 

 

Hi 

 

For Section 17 I am trying to enable outside NAT on the PIX to allow
VLAN 6 to be able to communicate to CAT1 so that any traffic from VLAN 6
is translated to an address on VLAN 111.

I have added the following to enable this:

 

Nat (outside) 2 200.13.6.0 255.255.255.0 outside

Global (inside) 2 172.16.111.6

 

I have also allowed ICMP through on the PIX to anywhere but receive the
following debug message on the PIX when pinging from R6 inside
interface:

%PIX-3-305005: No translation group found for icmp src
outside:200.13.6.6 dst inside:172.16.111.12

 

>From the previous steps in the section I have added the following:

global (outside) 1 200.13.122.1-200.13.122.48

global (outside) 1 200.13.122.49

nat (inside) 1 172.16.111.0 255.255.255.0

static (inside,outside) 200.13.112.100 172.16.111.12 netmask
255.255.255.255

 

and it seems that these commands are causing the problems with the above
outside nat command.

 Once I remove nat (inside) 1 172.16.111.0 255.255.255.0 and

static (inside,outside) 200.13.112.100 172.16.111.12 netmask
255.255.255.255 I am able to ping from VLAN 6(R6 inside interface) to
VLAN 111(CAT1) OK.

 

The outside nat doesn't look achievable on two parts. Firstly, the
static (inside,outside) that is configured and secondly the nat (inside)
commands seem to confuse the outside nat.

 

Is there a way around this or can outside NAT only be used when there
isn't a static NAT or nat (inside) command already configured for an
address that you are trying to communicate with.

 

Thanks in advance

 

David 
 
**********************************************************************
DISCLAIMER:
This correspondence may contain information which is confidential or 
proprietary or both.  Any dissemination, distribution, copying or use of this 
communication without prior permission of the addressee is strictly prohibited. 
If you are not the intended recipient you may not disclose, copy or use this 
information.  If you have received this message in error, please contact the 
sender to discuss its return or destruction.

The contents, comments and views contained or expressed within this 
correspondence do not necessarily reflect those of Redstone, its subsidiaries, 
affiliates, associates or sister companies and are not intended to create legal 
relations with the recipient.

Redstone may monitor email traffic data and also the content of email for the 
purposes of security and staff training. 

If you would like to know more about Redstone, visit us on the web at 
www.redstone.co.uk or contact our Head Office on 0845-200-2200.


Redstone Converged Solutions Limited 
Registered in England & Wales with Company Number: 3476733
Registered Office: 80 Great Eastern Street, London EC2A 3RS
**********************************************************************

Reply via email to