From: Paul Dardinski (pauld@marshallcomm.com)
Date: Wed Dec 19 2007 - 10:18:20 ART
Tim,
The NAT config you have defined will only affect traffic going inter-interface (inside-outside). The issue is that you have enabled NAT for all inside to translate to outside. You don't list the contents of your ACL, but no matter what, since you have defined NAT for all interior paths (0 0), you are most likely dropping your intra-interface traffic. One possibility is to use identity NAT for the intra-interface traffic, and that should fix your issue.
PD (#16842)
-----Original Message-----
From: nobody@groupstudy.com on behalf of Tim Curci
Sent: Wed 12/19/2007 1:17 AM
To: ccielab@groupstudy.com
Cc:
Subject: same-security-traffic permit intra-interface
I am having trouble hairpinning to several private networks behind ethernet 1
(security 100) on a PIX515E-UR running 8.0 code.
I have enabled same-security-traffic permit intra-interface, nat-control is
off and I have tried several versions of NAT including:
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
nat (inside) 2 access-list xxx
global (inside) 2 interface
Any ideas?