Hello,
I have the following problem:
I use a PIX 525 (with PIX Firewall 6.1(2)) to protect two networks: one DMZ and one INSIDE network.
In the DMZ I'm not using NAT. On the Inside I want to use NAT to access the DMZ and the Outside.
The parameters are:
DMZ: network xxx.xxx.xxx.0/24
INSIDE: network 10.0.0.0/24
Outside: network zzz.zzz.zzz.0/30 (connected to a router that gives access to the Internet).
My configuration for this is:
global (outside) 1 xxx.xxx.xxx.164
global (dmz) 1 xxx.xxx.xxx.163
nat (inside) 1 10.0.0.0 255.255.255.0 0 0
nat (dmz) 0 0.0.0.0 0.0.0.0 0 0
static (dmz,outside) xxx.xxx.xxx.0 xxx.xxx.xxx.0 netmask 255.255.255.0 0 0
By default, the traffic to 0.0.0.0/0 is sent to zzz.zzz.zzz.2/30 (the interface on the router that connects to the PIX).
With this I can access the Outside from the DMZ and the DMZ from the Inside, but I can't access the Outside from the Inside directly.
The PIX log gives me the following messages:
Feb 22 18:05:51 fw1-fe2 %PIX-3-305006: portmap translation creation failed for tcp src inside:10.0.0.253/1118 dst world:198.133.219.25/80
Can somebody help me?
Thanks,
Nuno.