https://community.cisco.com/t5/network-security/pix-dynamic-nat-issue/m-p/651075#M1034510 <HTML><HEAD></HEAD><BODY><P>Diagaram</P><P></P><P> </P><P></P></BODY></HTML> Wed, 07 Feb 2007 13:27:32 GMT astanislaus 2007-02-07T13:27:32Z https://community.cisco.com/t5/network-security/pix-dynamic-nat-issue/m-p/651074#M1034495 <P></P><P></P><P>Here is the setup:</P><P></P><P> </P><P></P><P></P><P></P><P> </P><P></P><P>Scenario A</P><P></P><P>1. The network 1.1.1.0/23 is dynamically translated to 5.5.5.5 when accessing the resources 7.7.7.7 and 8.8.8.8 on port 443. This has been working for months, then last week it stopped working.</P><P></P><P> </P><P></P><P>Scenario B</P><P></P><P>1. To resolve the problem on scenario A, host within the 1.1.1.0/23 network were statically translated to individual IP addresses. This is now working.</P><P></P><P> </P><P></P><P>Scenario C</P><P></P><P></P><P></P><P> </P><P></P><P>Another solution for scenario A is scenario C, the network 1.1.1.0/23 is translated to 5.5.5.5 upon reaching PIX, Identity NAT is applied and this setup is working. </P><P> </P><P></P><P> </P><P></P><P>Questions:</P><P></P><P>What caused the dynamic NAT to stopped working? </P><P>How can we restore dynamic NAT from working again? </P><P>Isolation shows that Static and Identity NAT are working. </P><P> </P><P></P><P>NOTE: IP addresses here are not the actual IP Addresses in production.</P><P></P><P></P> Mon, 11 Mar 2019 09:30:21 GMT https://community.cisco.com/t5/network-security/pix-dynamic-nat-issue/m-p/651074#M1034495 astanislaus 2019-03-11T09:30:21Z https://community.cisco.com/t5/network-security/pix-dynamic-nat-issue/m-p/651075#M1034510 <HTML><HEAD></HEAD><BODY><P>Diagaram</P><P></P><P> </P><P></P></BODY></HTML> Wed, 07 Feb 2007 13:27:32 GMT https://community.cisco.com/t5/network-security/pix-dynamic-nat-issue/m-p/651075#M1034510 astanislaus 2007-02-07T13:27:32Z https://community.cisco.com/t5/network-security/pix-dynamic-nat-issue/m-p/651076#M1034524 <HTML><HEAD></HEAD><BODY><P>Sorry. I thought the attaching file was not working and hence by mistake attached same diagram thrice.</P></BODY></HTML> Wed, 07 Feb 2007 13:28:40 GMT https://community.cisco.com/t5/network-security/pix-dynamic-nat-issue/m-p/651076#M1034524 astanislaus 2007-02-07T13:28:40Z https://community.cisco.com/t5/network-security/pix-dynamic-nat-issue/m-p/651077#M1034537 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>Could you send the config of the pix. </P><P></P><P>Also could you let us know which scenario you are currently running so the pix config makes sense. </P><P></P><P>Thanks </P><P></P><P>Jon </P></BODY></HTML> Wed, 07 Feb 2007 13:33:55 GMT https://community.cisco.com/t5/network-security/pix-dynamic-nat-issue/m-p/651077#M1034537 Jon Marshall 2007-02-07T13:33:55Z