Ok...I reversed the subnet (changed from PSN to PROT) and the Destination interface (changed from PROT to PSN) in the IP Pass Through network and clicked on Inbound. Everything is working the same as before (one exception, I had to specifically allow access from the PROT to the PSN, whereas before I didn't have to) and I no longer have the Verify Configuration error.
I wasn't aware that NAT isn't applied to PSN --> PROT, I was only informed that a IP Pass Through filter would be necessary to allow PSN --> PROT access, so based on that, I created the filter and added the Network entry on the basis of FROM PSN TO PROT. Since it was "TO PROT" I had set the Destination to PROT. Thanks for your help. Ed -----Original Message----- From: Dan Swartzendruber [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 23, 2001 1:27 PM To: Edward Ingram; 'Chris Green'; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: How to allow access from PSN to PROT At 01:11 PM 10/23/2001 -0700, Edward Ingram wrote: >The interface field is labeled Destination. If I put in PSN for that >field, then it would apply IP Pass Through to packets that came from >the PSN Network and were destined for the PSN Interface (itself). That >wouldn't work because I obviously want NAT for packets coming from the >PSN to the EXT since the PSN Network is a private network. By >specifying the PROT network, I'm telling it not to apply NAT for >packets coming from the PSN Network destined for the PROT >network...which is what I want. but there would never *be* NAT applied for PSN => PROT packets, so this makes no sense. If you want PSN<==>PROT without NAT, the passthrough network/hosts should be the PROT subnet, with the PSN interface specified. You may or may not need to select "Inbound", depending on your setup.
