inbound connections - no nat

[sscalsk]

I have a pix 515 v4.4(4) and am looking to setup a 2 interface - no NAT configuration. I have the lines:

nat (inside) 0 192.168.3.0 255.255.255.0
conduit permit icmp any any

my outside network is 192.168.2.0 and the inside is 192.168.3.0 yet when I am outside the pix any inbound pings to a valid host address are denied. If I do an outbound connection then try an inbound ping again it works. An entry is made in the xlate (?) table as shown by the "sh xlate" command. My understanding is that nat 0 "lets inside addresses be recognized on outside networks". This having to make an outbound connection first behaviour seems wrong - can anyone show me what I am missing? I would like the inbound ping to work.

-= stan

 

[Spitz]

What does the route table look like?

 

[flypper]

Hi,

The nat command is a dynamic translation - that is, the xlate table will only hold a translation when the inside host makes a connection to the outside world. This entry will eventually time out.

The static command is used to make permanent entries into the xlate table. Use this if you need to be able to ping hosts on the inside leg from the outside.

Cheers - Flypper

 

[ExIT]

Try adding

static (inside,outside) 192.168.3.0 192.168.3.0 netmask 255.255.255.0

Bye
ExIT