https://community.cisco.com/t5/network-security/pix-515-nat-for-inside-remote-network-problem/m-p/1351879#M751254 <HTML><HEAD></HEAD><BODY><P>Only thing I can think of is that the 192.168.3.x web server doesn't have a default route pointing back towards the inside interface of the PIX.&nbsp; It must have a route for the 192.168.1.x network cause you can ping it from the PIX itself, but traffic coming from the Internet is going to have a public IP source address, and so the web server will need a default route that get's that traffic back to the PIX.&nbsp; Check that.</P><P></P><P>Thanks, Glenn.</P></BODY></HTML> Mon, 11 Jan 2010 23:21:40 GMT gfullage 2010-01-11T23:21:40Z https://community.cisco.com/t5/network-security/pix-515-nat-for-inside-remote-network-problem/m-p/1351878#M751253 <P><SPAN style="font-size: 10pt;"></SPAN></P><P>Hi Everyone,</P><P></P><P></P><P>I have a PIX 515 with 2 interaces, Using INSIDE 192.168.1.0 Network and OUTSIDE 206.207.208.0 Network.</P><P>I have currently web servers mapped for the External IP to the Inside: 206.207.208.15 to the 192.168.1.15 Address.NAT Translation is working fine for 192.168.1.0 network.</P><P>Now I have a WEBSERVER on a subnet 192.168.3.0, which I need to NAT from this PIX 515.</P><P></P><P>**************************************************************************************************</P><P>name 192.168.3.48 WEBSERVER48</P><P>access-list outside_access_in permit tcp any host 206.207.208.16 eq www</P><P>pdm location 192.168.3.48 255.255.255.255 inside</P><P>nat (inside) 1 192.168.3.48 255.255.255.255 0 0</P><P>static (inside,outside) 206.207.208.16 192.168.3.48 netmask 255.255.255.255 0 0</P><P>route inside 192.168.3.48 255.255.255.255 192.168.1.1 1</P><P>**************************************************************************************************</P><P></P><P>The above NAT pointing to the remote network is not working for this WEBSERVER48, I see their is a delay and after that the browser times out. I can ping from the PIX 515 (Inside IP 192.168.1.50) to the 192.168.3.48 via the 192.168.1.1 Default gateway.</P><P></P><P>192.168.3.0 Network is connected through the IPVPN(MPLS Network),with 10MB guaranteed bandwidth. There are no routing issues from 192.168.1.0 for reaching to the 192.168.3.0 network.</P><P></P><P>Please advise options to troubleshoot this problem.</P><P></P><P>Thanks in advance.</P><P>Shan</P><P></P> Mon, 11 Mar 2019 16:55:59 GMT https://community.cisco.com/t5/network-security/pix-515-nat-for-inside-remote-network-problem/m-p/1351878#M751253 shanahmad 2019-03-11T16:55:59Z https://community.cisco.com/t5/network-security/pix-515-nat-for-inside-remote-network-problem/m-p/1351879#M751254 <HTML><HEAD></HEAD><BODY><P>Only thing I can think of is that the 192.168.3.x web server doesn't have a default route pointing back towards the inside interface of the PIX.&nbsp; It must have a route for the 192.168.1.x network cause you can ping it from the PIX itself, but traffic coming from the Internet is going to have a public IP source address, and so the web server will need a default route that get's that traffic back to the PIX.&nbsp; Check that.</P><P></P><P>Thanks, Glenn.</P></BODY></HTML> Mon, 11 Jan 2010 23:21:40 GMT https://community.cisco.com/t5/network-security/pix-515-nat-for-inside-remote-network-problem/m-p/1351879#M751254 gfullage 2010-01-11T23:21:40Z https://community.cisco.com/t5/network-security/pix-515-nat-for-inside-remote-network-problem/m-p/1351880#M751257 <HTML><HEAD></HEAD><BODY><P>Hi Shan,</P><P></P><P> i have two questions</P><P></P><P>whether the web server is configured to listen any specific subnets?</P><P></P><P>Are you able browse it from your internal network?</P><P></P><P></P><P></P><P>Dileep</P></BODY></HTML> Tue, 12 Jan 2010 04:21:43 GMT https://community.cisco.com/t5/network-security/pix-515-nat-for-inside-remote-network-problem/m-p/1351880#M751257 Dileep Sivadas Padmini 2010-01-12T04:21:43Z