ICMP issue :: Static NAT and Dynamic PAT on PIX

Discussion in 'Cisco' started by swapnendu, Oct 30, 2006.

  1. swapnendu

    swapnendu

    Joined:
    Sep 13, 2006
    Messages:
    57
    This happened by mistake....

    I did a Static NAT 172.16.1.10<=>200.X.X.X
    e.g. static (inside,outside) 200.X.X.X ,172.16.1.10

    Then the same public IP was used to do a PAT .
    nat (inside) 1 0 0
    global (outside) 200.X.X.X

    Though all the users in my inside network were able to access the internet (www, mails etc.) , expect my static host i.e 172.16.1.10 , none of the hosts were able to ping any machine on the outside network. Except ICMP almost everything was fine ( i'm using almost coz this happened in one of the production networks i was wrking on and due to the exigency, cudn't do much to figure out why and what else was not wrking )

    Any clue from anyone why this happened ..??

    though i'm myself a CCSP, i cudnt think of any obvsious reason y this wud happen ....anyway any comments/help/suggestion is welcome...

    will answer myself after some RnD if i dont get an answer on this forum for sure !!

    cheers :)
    long live Velocity reviews !!
     
    swapnendu, Oct 30, 2006
    #1
    1. Advertising

  2. swapnendu

    srinath_7

    Joined:
    Oct 16, 2006
    Messages:
    6
    PIX echo reply

    Permit icmp echo reply on the outside interface to receive replies.

    By default PIX drops ICMP packets.:shake:

     
    srinath_7, Nov 3, 2006
    #2
    1. Advertising

  3. swapnendu

    swapnendu

    Joined:
    Sep 13, 2006
    Messages:
    57
    ICMP echo reply is allowed dude, and tht is y i'm able to ping frm 172.16.1.10...its not due to ACLs but due to this combination of Static NAT and PAT using single public ip address...cudnt' get the time to replicate the scenario and do some RnD...will for for some free time :)
     
    swapnendu, Nov 4, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. badtemper@gmail.com

    PAT and Static NAT on a PIX 501

    badtemper@gmail.com, Feb 8, 2005, in forum: Cisco
    Replies:
    4
    Views:
    939
    Martin Bilgrav
    Feb 8, 2005
  2. BinSur
    Replies:
    4
    Views:
    5,820
    BinSur
    Jan 13, 2006
  3. Scott Townsend
    Replies:
    2
    Views:
    10,127
    Scott Townsend
    May 4, 2006
  4. yadap

    acl+Static nat+Dynamic Nat

    yadap, Aug 31, 2006, in forum: Cisco
    Replies:
    0
    Views:
    671
    yadap
    Aug 31, 2006
  5. dogfrndnew@yahoo.com
    Replies:
    1
    Views:
    479
    Rod Dorman
    Sep 12, 2007
Loading...

Share This Page