Pix Firewall dmz

swapnamkj · ‎12-14-2004

I have pix 515e . and also i have 2 set off public ips from my isp. I confgiure one set of ips in global 1 in my pix with dmz network its working fine

i try to set other set of ips in my pix with global 2 with same nat, access-list and static route

its not working

ehirsel · ‎12-15-2004

The id in the nat statement needs to match the id in the global statement.

Is your objective to nat to global pool 1 for inside devices connecting to some dmz network hosts, and use global 2 for connections to other hosts?

Please post the relevant parts of the config and a more detailed description of what you are trying to do, and I can help further.

One other item: If you just want to change over from using one pool to another, besides insureing that the nat id and global id match, you may need to do a clear xlate. The clear xlate will teardown existing connections, so be careful if of doing it during production hours.

swapnamkj · ‎12-15-2004

Hi

Thanks for your replay . Sorry next time i post the problem in correct place.

I already gave the gloabl 2 pool and create the separte the nat for global id also.

and create static route for this.

ehirsel · ‎12-20-2004

You posted the problem in the proper forum. Are you still having the issue? You may want to examine the pix logs to see if any relevant messages are seen; if that is the case post them here.

swapnamkj · ‎12-20-2004

HI

Yes i have the problem still. can you help me

ehirsel · ‎12-21-2004

I will try to help. Please post the nat, global, static route, and acl info here, along with notes to say what works and what does not, as that info can help me solve your issue.