Security Context - NATing issues
05-01-2008 07:27 AM - edited 03-11-2019 05:39 AM
Hi All,
I have configured two contexts on the PIX, i.e. one for Admin and one for Client. I have configured two subinterfaces and assigned VLANs to use for the inside networks, whereas I have shared the outside interface between the two contexts.
Now I am confused about the NATing part of this design. I am able to access the Internet from the admin context. However, I am not able to telnet to my ISP router from my network. I have assigned two IP networks to the inside interface of the ISP router, i.e. 10.10.10.X and a public IP range. Now if I telnet to the public IP it works, whereas if I telnet to the 10.10.10.X network it won't work. Also, my RADIUS has stopped authenticating on the router. I am able to ping the RADIUS server from the router.
Could you please help me to solve this issue.
Adm Ctx:
interface Inside_adm
nameif inside
security-level 100
ip address 10.126.1.17 255.255.255.0
!
interface outside_adm
nameif outside
security-level 0
ip address 10.10.10.201 255.255.255.0
same-security-traffic permit intra-interface
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip any any
I am not using NAT on the PIX.
ISP router:
interface FastEthernet0/0
ip address 203.88.99.101 255.255.255.240 secondary
ip address 10.10.10.4 255.255.255.0
ip nat inside
ip nat pool Test XXXX netmask 255.255.255.240
ip nat inside source list 1 pool Test overload
ip route 10.126.1.0 255.255.255.0 10.10.10.200
05-02-2008 05:12 PM
Hello,
So I'm noticing that your ISP router is doing the NATing for you right now. I'm assuming you're not trying to do double NAT out to the Internet, so you need to do a NAT exemption on your PIX/ASA.
Can you confirm this little traffic drawing?
HOSTA 10.126.1.X --> 10.126.1.17 PIX 10.10.10.201 --> 10.10.10.4 ISPRTR --> Internet
I also notice that your ip route on the ISP router is pointed to 200 instead of 201.
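
The next-hop mismatch noted in the reply can be checked mechanically. The following is an added example, not part of either post: it parses the config lines posted in the thread (embedded as constructed input) and flags static routes toward a firewall-attached network whose next hop is not an address configured on the firewall. It assumes the route is meant to point at the admin context's outside address; in a multi-context setup 10.10.10.200 could belong to a context not shown in the thread.

```python
import ipaddress
import re

# Constructed input: lines copied from the two configs posted in this thread.
FIREWALL_CFG = """\
interface Inside_adm
 nameif inside
 ip address 10.126.1.17 255.255.255.0
interface outside_adm
 nameif outside
 ip address 10.10.10.201 255.255.255.0
"""
ROUTER_CFG = "ip route 10.126.1.0 255.255.255.0 10.10.10.200\n"

ADDR_RE = re.compile(r"^\s*ip address (\S+) (\S+)", re.M)
ROUTE_RE = re.compile(r"^\s*ip route (\S+) (\S+) (\S+)", re.M | re.I)


def interface_addresses(cfg):
    """Return the address/mask pairs configured in the firewall context."""
    return [ipaddress.ip_interface(f"{a}/{m}") for a, m in ADDR_RE.findall(cfg)]


def check_routes(router_cfg, firewall_cfg):
    """Flag routes to firewall-attached networks whose next hop is not a firewall address."""
    ifaces = interface_addresses(firewall_cfg)
    owned = {i.ip for i in ifaces}
    findings = []
    for dest, mask, hop in ROUTE_RE.findall(router_cfg):
        net = ipaddress.ip_network(f"{dest}/{mask}")
        hop_ip = ipaddress.ip_address(hop)
        # Only routes toward a network the firewall is directly attached to matter here.
        if not any(i.network == net for i in ifaces):
            continue
        if hop_ip in owned:
            continue
        # Candidate next hops: firewall addresses on the same subnet as the configured hop.
        expected = [str(i.ip) for i in ifaces if hop_ip in i.network]
        findings.append({"route": str(net), "next_hop": hop, "expected": expected})
    return findings


if __name__ == "__main__":
    for f in check_routes(ROUTER_CFG, FIREWALL_CFG):
        print(f"route {f['route']} via {f['next_hop']}: "
              f"not a firewall address, candidates: {f['expected']}")
```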
