Hello everybody,

I have configured a PIX 515E v6.1(2) with the following for NAT/PAT address translation:

ip address outside x.y.z.2 255.255.255.0
ip address inside 192.168.0.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 x.y.z.1 1
global (outside) 1 x.y.z.100-x.y.z.253
global (outside) 1 x.y.z.254
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

Inside hosts have the necessary permissions for initiating web traffic, and all the hosts which get an address from the NAT pool (100-253) can browse the web. However, clients which are allocated from the PAT address (254) cannot browse the web. These clients can resolve DNS names to IP addresses, though.

When I issue the "show xlat" command, PAT addresses are shown as allocated to some clients, which I have verified can't access the web.

I have used the Cisco Output Interpreter tool, but it didn't give me any warning or configuration error. And I think the config is pretty straightforward (which might be the reason for a mistake I can't see).

One friend informed me that the PIX has a problem in a configuration like this, where the outside address is in the same segment as the address used for PAT. Can someone confirm this information, and if so, is this behaviour a bug or a configuration mistake I am making?

Best regards,
Ufuk Yasibeyli

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44957&t=44957

