Solved: NATTING ISSUE from local to global in PIX 515

habeebuddin786 · ‎04-06-2011

Hello Folks,

I need assistance for natting. We are using public IPs 18.12.67.0/22 IP to connect to private IPs 10.0.0.0 internal network. Few Internal IPs are successfully translating to internal IPs as shown below:

fw01# sh xlate | in 18.12.67
Global 18.12.67.30 Local 10.1.4.30
Global 18.12.67.21 Local 10.1.4.21
Global 18.12.67.22 Local 10.1.4.22
Global 18.12.67.24 Local 10.1.4.24
Global 18.12.67.29 Local 10.1.4.29
Global 18.12.67.25 Local 10.1.4.25

static (inside,outside) 18.12.67.22 10.1.4.22 netmask 255.255.255.255 0 0
static (inside,outside) 18.12.67.24 10.1.4.24 netmask 255.255.255.255 0 0
static (inside,outside) 18.12.67.25 10.1.4.25 netmask 255.255.255.255 0 0
static (inside,outside) 18.12.67.28 10.1.4.28 netmask 255.255.255.255 0 0
static (inside,outside) 18.12.67.29 10.1.4.29 netmask 255.255.255.255 0 0
static (inside,outside) 18.12.67.30 10.1.4.30 netmask 255.255.255.255 0 0
static (inside,outside) 18.12.67.21 10.1.4.21 netmask 255.255.255.255 0 0

Few IPs are not translating, tried to clear the translation global/local but no go..... here are the public IPs which are not translating with the config as described below:

static (inside,outside) 18.12.67.67 10.1.1.76 netmask 255.255.255.255 0 0
static (inside,outside) 18.12.67.65 10.1.1.59 netmask 255.255.255.255 0 0
static (inside,outside) 18.12.67.66 10.1.1.75 netmask 255.255.255.255 0 0
static (inside,outside) 18.12.67.68 10.1.1.77 netmask 255.255.255.255 0 0
static (inside,outside) 18.12.67.69 10.1.0.56 netmask 255.255.255.255 0 0

Note: - The public IPs are configured in the firewall as outside world HTTP_HTTPS as described below:

object-group network HTTP_HTTPS_WORLD

network-object host 18.12.67.21

network-object host 18.12.67.22
network-object host 18.12.67.23
network-object host 18.12.67.24
network-object host 18.12.67.25
network-object host 18.12.67.26
network-object host 18.12.67.27
network-object host 18.12.67.28
network-object host 18.12.67.29
network-object host 18.12.67.60
network-object host 18.12.67.61
network-object host 18.12.67.62
network-object host 18.12.67.63
network-object host 18.12.67.64
network-object host 18.12.67.65
network-object host 18.12.67.66
network-object host 18.12.67.67
network-object host 18.12.67.68
network-object host 18.12.67.69

Appreciate your time and help in regard to this issue.

Thanks

-Ahmed

padatta · ‎04-07-2011

Hi,

Can we have the 'show run' and 'show xlate detail' outputs? I'll need them for a better understanding of the config.

Paps

View solution in original post

padatta · ‎04-07-2011

Hi,

Can we have the 'show run' and 'show xlate detail' outputs? I'll need them for a better understanding of the config.

Paps

habeebuddin786 · ‎04-17-2011

Hi Paps,

Thanks fpr your response. The issue of translation is got reolved. The one which is natting from public to private IP is translating now.. Private IP is the VIP address at load balancers and the real servers for the VIP are configured with loopback0:0 as Different IP address instead of VIP IP. I changed the loopback IP on the real servers its starting translating.

The new issue has occured. From outside world 554 port is not accessible but from internal network port 554 is accessible.

I'll create new request for this issue.

Thanks

-Ahmed