Julio,

   Thanks for your reply. This looks like it should work for me, but it does not - I hope I am missing something easy. There is a NO_NAT configuration in place, as some of the traffic cannot be natted (vpn traffic). Below is the relevant code, if you have any ideas, thanks a million.

I tried your suggestion NAT (inside) 1 0.0.0.0 0.0.0.0

                                 GLOBAL (outsied) 1 interface

with no luck

I also tried static (inside,outside) 172.29.139.30 10.53.1.58 netmask 255.255.255.255, and those two hosts still cannot communicate.

I am basically trying to let 10.53.1.56 255.255.255.248 and 172.29.139.0 255.255.255.128 communicate.

10.53.1.58 is one of the PCs on the inside, and 172.29.139.30 is one of the printers on the outside.

=================================================================================

interface Vlan1

nameif inside

security-level 100

ip address 10.53.1.57 255.255.255.248

!

interface Vlan2

nameif outside

security-level 0

ip address 172.29.139.140 255.255.255.128

access-list No_NAT extended permit ip 10.53.1.56 255.255.255.248 10.0.0.0 255.0.0.0

access-list Outside_VPN extended permit ip 10.53.1.56 255.255.255.248 10.0.0.0 255.0.0.0

global (outside) 1 interface

nat (inside) 0 access-list No_NAT

============================================================================

Julio,

   Thank you so much - it is working now and I hope to return the favor one day. I was testing with pings, and it looks like fixup protocol icmp did it for me. I know have a much better understanding of NAT PAT as well.

Thanks and Happy Holidyas -

MArtin

Thanks David - it looks like I had multiple issues with fixup protocol icmp an no nat control.

Happy Holidays !

Martin