Re: Problem with Static NAT

alexr · ‎05-06-2005

Hello all, it will be really apreciated if you will be able to help me with this issue.

I have PIX 515E-UR (total 6 interfaces) (Cisco PIX Firewall Version 6.3(1)). Today i installed 4FE port card to my PIX. I have 2 ISP with different public IP ranges. I would like to separate web surfing traffic and vpns on this 2 separate connections. So i have 1 outside interface to ISP1 and outintf interface to ISP2. I can ping from border router to both interfaces.

My problem that if i making static nat with new interface and after issueing clear xlate command, i still see my private IP in PAT of another ISP.

static (inside,outinf) ISP2_IP private_IP netmask 255.255.255.255 0 0

the same command with (inside,outside) works good.

Some output from startup-config:

: Saved

:

PIX Version 6.3(1)

interface ethernet0 auto

interface ethernet1 auto

interface ethernet2 auto

interface ethernet3 auto

interface ethernet4 auto shutdown

interface ethernet5 auto shutdown

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 dmz security50

nameif ethernet3 outintf security5

nameif ethernet4 intf4 security8

nameif ethernet5 intf5 security10

Please help me with this issue, because i started to be crazy.

Thanks a lot

moriarty7 · ‎05-06-2005

Are these VPNs site to site or client connections?

Is the PIX terminating these, or another device behind the PIX?

alexr · ‎05-06-2005

HI Moriarty,

Thanks for your reply but this is not a problem with VPN. This is problem with user connections.

When i issueing staic (inside,outintf) ISP2 Local_IP i am not leaving Exisiting NAT.