RE: same-security-traffic permit intra-interface

From: SAMARTH (samarth_04@hotmail.com)
Date: Wed Dec 19 2007 - 10:53:45 ART


Wouldn't NAT exemption work better instead of identity NAT?

Best Wishes,
C SAMARTH
CCIE #18535
CCSP CCNP CCNA
MCSE MCSD SCSA1

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Paul Dardinski
Sent: Wednesday, December 19, 2007 1:18 PM
To: Tim Curci; ccielab@groupstudy.com
Subject: RE: same-security-traffic permit intra-interface

Tim,
 
The NAT config you have defined will only affect traffic going
inter-interface (inside-outside). The issue is that you have enabled NAT for
all inside to translate to outside. You don't list the contents of your ACL,
but no matter what, since you have defined NAT for all interior paths (0 0),
you most likely are dropping your intra-interface traffic. One possibility
is to use identity NAT for the intra-interface traffic, and that should fix
your issue.
 
PD (#16842)

        -----Original Message-----
        From: nobody@groupstudy.com on behalf of Tim Curci
        Sent: Wed 12/19/2007 1:17 AM
        To: ccielab@groupstudy.com
        Cc:
        Subject: same-security-traffic permit intra-interface
        
        

        I am having trouble hairpinning to several private networks behind
        ethernet 1 (security 100) on a PIX515E-UR running 8.0 code.
        
        I have enabled same-security-traffic permit intra-interface,
        nat-control is off and I have tried several versions of NAT including:
        
        nat (inside) 1 0.0.0.0 0.0.0.0
        global (outside) 1 interface
        
        nat (inside) 2 access-list xxx
        global (inside) 2 interface
        
        Any ideas?
        
        



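The two options named in the replies above, written out in PIX 7.x/8.0 syntax as an added example that is not part of the original thread. The 10.0.0.0/8 range, the host addresses and the ACL name HAIRPIN-NONAT are assumptions standing in for the unlisted private networks behind the inside interface.

```cisco
! Constructed example; addresses and ACL name are placeholders.
same-security-traffic permit intra-interface

! Dynamic PAT for Internet-bound traffic, as in the original post.
! Because this matches every inside source (0 0), hairpinned traffic also
! matches NAT ID 1 and has no global on its egress interface (inside).
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

! Option A - identity NAT: NAT ID 0 with a network and mask.
! Matches on SOURCE only. Regular NAT is best-match, so 10.0.0.0/8 is
! preferred over 0.0.0.0/0 and these hosts are left untranslated toward
! every destination, including the outside interface.
nat (inside) 0 10.0.0.0 255.0.0.0

! Option B - NAT exemption: NAT ID 0 with an access list.
! Matches on source AND destination, so only inside-to-inside flows skip
! translation; everything else still falls through to NAT ID 1.
access-list HAIRPIN-NONAT extended permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0
nat (inside) 0 access-list HAIRPIN-NONAT

! Check which rule a hairpinned flow hits (configure A or B, not both):
! packet-tracer input inside tcp 10.1.1.10 1025 10.2.2.20 80
! show xlate
```

If the routers behind the interface send return traffic directly to the host rather than back through the PIX, the firewall sees only one direction of the TCP session, which NAT changes alone do not address.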