From: Cielieska Nathan (ncielieska@gmail.com)
Date: Wed Dec 19 2007 - 03:43:14 ART
Tim,
I would be hard pressed if what you're trying to do is doable. If I'm
hearing you right, you're looking to send traffic from one internal
subnet for internet traffic/external and then another selectively use
an access-list to translate back into your private network. This is
at least what I'm reading from the config.
The same-security-traffic permit intra-interface is usually used
exclusively for client tunnel traffic that needs to terminate into the
device then route to the internet.
I have done something similar on the ASA but you basically have SVIs
on the newer ASAs to bridge between. Cisco has big problems with
sending traffic to a PIX, then sending right back out an interface, in
essence becoming a router, and this can only happen in selective cases.
Maybe a little more detail would help.
Also - Wasn't aware a 515 could run 8.0 code, is this new?
Nate
On Dec 19, 2007, at 1:17 AM, Tim Curci wrote:
> I am having trouble hairpinning to several private networks behind
> ethernet 1 (security 100) on a PIX515E-UR running 8.0 code.
>
> I have enabled same-security-traffic permit intra-interface,
> nat-control is off and I have tried several versions of NAT including:
>
> nat (inside) 1 0.0.0.0 0.0.0.0
> global (outside) 1 interface
>
> nat (inside) 2 access-list xxx
> global (inside) 2 interface
>
> Any ideas?