No PAT from Higher Sec to Lower Sec interface

Discussion in 'Cisco' started by Clemens Schwaighofer, Oct 20, 2005.

  1. Clemens Schwaighofer

    Clemens Schwaighofer Guest

    I am a bit at a loss here.

    I have three networks on my pix: inside, outside and a dmz. I want to
    have traffic from inside to the dmz bet masquerarded (visiable as a dmz
    ip to the dmz boxes) and vica versa (dmz traffic to the inside should be
    seen with an inside ip).

    I have right now these nat sets.

    nat (inside) 0 access-list inside_outbound_nat0_acl
    nat (inside) 10 192.168.0.0 255.255.0.0
    nat (bcc) 0 access-list dmz_outbound_nat0_acl
    nat (bcc) 10 172.16.0.0 255.255.0.0

    from both I can access outside so there the Masquerading works. but
    inbweteen I see the others box IP instead of the masqueraded one.

    eg from an inside box to dmz I do
    #> telnet dmz_ip 21

    and I see in the netstat -an view on the dmz box the inside ip
    (192.168...) and not the PIX GW ip (172.16....).

    Same with the other way around

    So what can I do, to make this happen?
     
    Clemens Schwaighofer, Oct 20, 2005
    #1

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. Going from higher security level interface to lower security interface- HELP!!! -

  2. Accessing higher security level from higher security level

  3. Allow printing traffic from DMZ(Lower Security interface) to inside network on PIX 515E

  4. Static PAT overrides Dynamic Pat - Pix 515e

  5. Upgrade path: MCSA2000:Sec -> MCSA2003 -> MCSE2003:Sec ?

  6. Bigger image size and lower quality vs. Smaller image size and higher quality

  7. Newbie: Canon A75 - Some Images look worse on higher res than lower

  8. Help! ASA5510 Lower to Higher

Loading...