NAT not working
18 years 7 months ago #13729
by eeee
I have a VOIP phone behind a PIX 501 working fine. I wanted to have a data connection as well, so I created a DHCP pool and ACLs only for IPsec. The following configuration is only working for the VOIP phone, not working for the data connection. NAT does not work. Can anyone see what is wrong?
Thank you
Ee
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list 101 permit ip host 10.168.20.17 10.168.10.0 255.255.255.128
access-list 101 permit ip host 10.168.20.17 10.168.17.0 255.255.255.0
access-list 101 permit ip host 10.168.20.17 10.168.11.0 255.255.255.0
ip address outside dhcp setroute
ip address inside 10.168.20.22 255.255.255.248
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 10.168.20.18 255.255.255.255 0 0
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map newmap 10 ipsec-isakmp
crypto map newmap 10 match address 101
crypto map newmap 10 set peer 11.27.19.20
crypto map newmap 10 set transform-set myset
crypto map newmap interface outside
isakmp enable outside
isakmp key xx address 11.27.19.20 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 1000
console timeout 0
dhcpd address 10.168.20.17-10.168.20.21 inside
dhcpd dns 10.168.10.2
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd option 66 ascii 10.168.10.1
dhcpd option 150 ip 10.168.10.1 10.168.10.2
dhcpd enable inside
18 years 6 months ago #14568
by ramasamy
Replied by ramasamy on topic Re: NAT not working
Hi,
You have made a small mistake. Your config is
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 10.168.20.18 255.255.255.255 0 0
Instead of that, you have to give
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 10.168.20.16 255.255.255.248 0 0
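Added example, not part of either post: a small Python check that lists which addresses in a PIX 6.3 `dhcpd address` pool are not covered by any dynamic `nat` rule with a matching `global`, run against the lines from this thread before and after the suggested change. The function name is hypothetical, and the check assumes `nat ... 0 access-list` rules are exemptions only, so it ignores them.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the config posted in this thread.
ORIGINAL = """\
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 10.168.20.18 255.255.255.255 0 0
dhcpd address 10.168.20.17-10.168.20.21 inside
"""
# The same lines with the nat statement suggested in the reply.
FIXED = ORIGINAL.replace("10.168.20.18 255.255.255.255", "10.168.20.16 255.255.255.248")

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) ")
POOL_RE = re.compile(r"^dhcpd address (\S+)-(\S+) (\S+)")

def untranslated_pool_hosts(config):
    """Return DHCP pool addresses that no dynamic nat rule (id > 0) covers."""
    nat_nets, global_ids, pools = [], set(), []
    for line in config.splitlines():
        line = line.strip()
        if m := NAT_RE.match(line):
            ifc, nat_id, addr, mask = m.groups()
            if int(nat_id) > 0:  # nat 0 is an exemption, not a translation
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
                nat_nets.append((ifc, nat_id, net))
        elif m := GLOBAL_RE.match(line):
            global_ids.add(m.group(2))
        elif m := POOL_RE.match(line):
            pools.append(m.groups())
    missing = []
    for first, last, ifc in pools:
        lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
        for n in range(lo, hi + 1):
            host = ipaddress.ip_address(n)
            # Covered only if a nat rule on the pool's interface contains the
            # host and a global statement exists with the same nat id.
            if not any(i == ifc and nid in global_ids and host in net
                       for i, nid, net in nat_nets):
                missing.append(str(host))
    return missing

if __name__ == "__main__":
    print("original:", untranslated_pool_hosts(ORIGINAL))
    print("fixed:   ", untranslated_pool_hosts(FIXED))
```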