
Baffled: Static mapping works, NAT/PAT doesn't

t-hills
Level 1

I have a NAT pool of 4 addresses and I have one PAT address. All machines can successfully browse all sites on the internet, except one site. Some of the machines can successfully connect to one particular https site. Other machines cannot. The machines that can access this site are all machines that have statically mapped global addresses. The machines that cannot access this site are all machines that are attempting to connect to this site using either the NAT or PAT global pool.

All machines can connect to any other HTTPS site. So, I'm not sure if this has something to do with a particular version of SSL that requires that a client have a statically mapped address or not.

Any ideas would be appreciated,

Thanks,

-tamara

4 Replies

nkhawaja
Cisco Employee

Hi,

It looks to me like a reverse DNS lookup issue. Make a reverse DNS entry in your DNS server for your PAT address. Here is a link for your reference.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094459.shtml

Thanks

Nadeem

I tried making reverse DNS entries for all my NAT/PAT addresses. Still, I'm unable to connect. Why would the PIX be blocking access to this one particular address from NAT/PAT'ed machines on the inside? Machines with statically mapped IPs have no problem connecting to this site.

Thanks,

-tamara

anup_bekal
Level 1

Hi

Please check your access list corresponding to the above-mentioned NAT/PAT. It might be only allowing a particular port/service. You need to give 'eq https' OR 'eq any' in your access list (of course, if your company security policy allows this).

Try this, best of luck.

Anoop Kumar Narayanan, Network Administrator

NICBM Kuwait

anup_bekal
Level 1

Hi

Hope you have tested the previous suggestion from me. Please let me know if it works or not.

Regards

Anoop K Narayanan