https://community.cisco.com/t5/network-security/xlate-table/m-p/1228537#M860758 <HTML><HEAD></HEAD><BODY><P>yes, I've been able to ping, trace etc from the firewall (FWSM) and/or the switch...its only when you are isolated to this particular VLAN..</P><P></P><P>It has to do with the translation of the 160.130.x.x address...but, i'm not sure why..here's my thinking.</P><P></P><P>I'm able to gain access to the 160.130.x.x when i put a static translation in, translating outside interface to inside (vlan) interface.</P><P></P><P>However, this is the only interface (that I've discovered) that this is necessary for...There is another VLAN that accesses the same destination subnet, that doesnt require the translation statement...</P><P></P><P>I know this is difficult to do without being able to post config information, but unfortunately, i'm not in a position to do so...</P><P></P><P>I was hoping to just get some "thoughts" about potential reasons this translation statement would be necessary...</P><P></P><P>thanks</P></BODY></HTML> Fri, 17 Apr 2009 10:12:18 GMT Bruce Summers 2009-04-17T10:12:18Z https://community.cisco.com/t5/network-security/xlate-table/m-p/1228533#M860745 <P>Can anybody point me in the right direction. I'm running a PIX 535 v8.0.3..</P><P></P><P>I'm attempting to connect from a specific VLAN (100) to a destination IP outside of our enclave (160.130.x.x). from this VLAN, i'm performing telnet, trace, ping, etc ALL of which fail. I perform the same (ping, telnet, etc..) to a different destination IP (159.160.x.x), from the same VLAN, taking the same route, and all attempts are successful.</P><P></P><P>I've looked at the ACL's and routes.</P><P></P><P>The only thing I do note is that when </P><P>accessing the 159.130.x.x, a translation table entry is being created. HOWEVER, when attempting connections to the 160.130.x.x, NO XLATE table is created.</P><P></P><P>I'm not entirely sure why that would be...I'm sure I havent explained this very well, or enough detail, but if you could give me some potential reasons I can research them further...</P><P></P><P>thanks</P><P></P><P>bruce</P> Mon, 11 Mar 2019 15:19:55 GMT https://community.cisco.com/t5/network-security/xlate-table/m-p/1228533#M860745 Bruce Summers 2019-03-11T15:19:55Z https://community.cisco.com/t5/network-security/xlate-table/m-p/1228534#M860748 <HTML><HEAD></HEAD><BODY><P>Can you post access list and routes??</P></BODY></HTML> Thu, 16 Apr 2009 22:08:25 GMT https://community.cisco.com/t5/network-security/xlate-table/m-p/1228534#M860748 lm20ele 2009-04-16T22:08:25Z https://community.cisco.com/t5/network-security/xlate-table/m-p/1228535#M860750 <HTML><HEAD></HEAD><BODY><P>this is going to be sanitized, but it gives you the jist...</P><P></P><P>access-list inbound extended permit ip any any </P><P><APPLIED to="" interface="" of="" vlan="" 100=""></APPLIED></P><P></P><P>route outside 0.0.0.0 0.0.0.0 X.X.X.1</P><P></P><P>routing to outside interface via interface VLAN 100 (x.x.x.1)</P><P></P><P>I entered a static translation for the 160.130.x.x advertising from the outside to VLAN100 and it began working...but, i'm not sure why...I dont think I should have to have that translation...</P><P></P></BODY></HTML> Thu, 16 Apr 2009 23:13:26 GMT https://community.cisco.com/t5/network-security/xlate-table/m-p/1228535#M860750 Bruce Summers 2009-04-16T23:13:26Z https://community.cisco.com/t5/network-security/xlate-table/m-p/1228536#M860753 <HTML><HEAD></HEAD><BODY><P>Hi Bruce,</P><P></P><P>Lets try to debug this way:</P><P>First Try to ping, telnet, trace from your PIX to 160.130.x.x, if it works then you have to check ACL and NAT in PIX.</P><P></P><P>But, if it doesn't work from the PIX itself then check the routes to that network or might ping/tracert is not allowed on that subnet.</P><P></P></BODY></HTML> Fri, 17 Apr 2009 02:41:13 GMT https://community.cisco.com/t5/network-security/xlate-table/m-p/1228536#M860753 roshan.maskey 2009-04-17T02:41:13Z https://community.cisco.com/t5/network-security/xlate-table/m-p/1228537#M860758 <HTML><HEAD></HEAD><BODY><P>yes, I've been able to ping, trace etc from the firewall (FWSM) and/or the switch...its only when you are isolated to this particular VLAN..</P><P></P><P>It has to do with the translation of the 160.130.x.x address...but, i'm not sure why..here's my thinking.</P><P></P><P>I'm able to gain access to the 160.130.x.x when i put a static translation in, translating outside interface to inside (vlan) interface.</P><P></P><P>However, this is the only interface (that I've discovered) that this is necessary for...There is another VLAN that accesses the same destination subnet, that doesnt require the translation statement...</P><P></P><P>I know this is difficult to do without being able to post config information, but unfortunately, i'm not in a position to do so...</P><P></P><P>I was hoping to just get some "thoughts" about potential reasons this translation statement would be necessary...</P><P></P><P>thanks</P></BODY></HTML> Fri, 17 Apr 2009 10:12:18 GMT https://community.cisco.com/t5/network-security/xlate-table/m-p/1228537#M860758 Bruce Summers 2009-04-17T10:12:18Z