Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
740
Views
0
Helpful
2
Replies

PIX 515 NAT for Inside Remote Network Problem?

Go to solution
shanahmad
Level 1
Level 1

‎01-11-2010 10:52 AM - edited ‎03-11-2019 09:55 AM

Hi Everyone,

I have a PIX 515 with 2 interaces, Using INSIDE 192.168.1.0 Network and OUTSIDE 206.207.208.0 Network.

I have currently web servers mapped for the External IP to the Inside: 206.207.208.15 to the 192.168.1.15 Address.NAT Translation is working fine for 192.168.1.0 network.

Now I have a WEBSERVER on a subnet 192.168.3.0, which I need to NAT from this PIX 515.

**************************************************************************************************

name 192.168.3.48 WEBSERVER48

access-list outside_access_in permit tcp any host 206.207.208.16 eq www

pdm location 192.168.3.48 255.255.255.255 inside

nat (inside) 1 192.168.3.48 255.255.255.255 0 0

static (inside,outside) 206.207.208.16 192.168.3.48 netmask 255.255.255.255 0 0

route inside 192.168.3.48 255.255.255.255 192.168.1.1 1

**************************************************************************************************

The above NAT pointing to the remote network is not working for this WEBSERVER48, I see their is a delay and after that the browser times out. I can ping from the PIX 515 (Inside IP 192.168.1.50) to the 192.168.3.48 via the 192.168.1.1 Default gateway.

192.168.3.0 Network is connected through the IPVPN(MPLS Network),with 10MB guaranteed bandwidth. There are no routing issues from 192.168.1.0 for reaching to the 192.168.3.0 network.

Please advise options to troubleshoot this problem.

Thanks in advance.

Shan

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎01-11-2010 03:21 PM

Only thing I can think of is that the 192.168.3.x web server doesn't have a default route pointing back towards the inside interface of the PIX.  It must have a route for the 192.168.1.x network cause you can ping it from the PIX itself, but traffic coming from the Internet is going to have a public IP source address, and so the web server will need a default route that get's that traffic back to the PIX.  Check that.

Thanks, Glenn.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎01-11-2010 03:21 PM

Only thing I can think of is that the 192.168.3.x web server doesn't have a default route pointing back towards the inside interface of the PIX.  It must have a route for the 192.168.1.x network cause you can ping it from the PIX itself, but traffic coming from the Internet is going to have a public IP source address, and so the web server will need a default route that get's that traffic back to the PIX.  Check that.

Thanks, Glenn.

0 Helpful

Go to solution
Dileep Sivadas Padmini
Level 1
Level 1

‎01-11-2010 08:21 PM

Hi Shan,

i have two questions

whether the web server is configured to listen any specific subnets?

Are you able browse it from your internal network?

Dileep

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card