Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX Translation over to router

Status
Not open for further replies.
Nightcrawler

Nightcrawler

Technical User
Aug 21, 2001
39
GB
I have a PX which I do a translation in IE 10.1.3.20 to 195.188.139.10 (an internet address for example).

The router which is connected, to a ethernet card in the PIX which itself has an address of 10.1.12.25, has a address of 10.1.12.254. The router also has a card which goes off to an ISP with 195.188.139.250 as an ip address. I can ping all ip addresses from the PIX but I cant ping past the router and the interal traffic cant ping the router.

Why is this ? Is it because I am using private ip address on the thernet cards. Surely this should not matter ?? I am trying to do translation in the PIX where its suppose to happen and then do policy routing in the external router..... HELP PLEASE Ed
 
Sort by date Sort by votes
It's quite surprising that the PIX, which has private IP address, can ping any IP on the internet.
This seems to mean that the adress translation is performed on the router, so you don't have to configure the PIX to perform NAT.
Regards,
Phil
 
Upvote 0 Downvote
What are your masks on these particular networks? You mentioned 195.188.139.10 and 195.188.139.250. What are the subnets, and does your provider know of the routes required. If your allocation is a Class C 255.255.255.0 mask. Is that the mask on your network between the provider router and the Internet Router a Class C? If it is, then that is your problem. In that case, Your NATed address is an address on the network between your provider and the internet router. When the request comes into the Internet router from 195.188.139.10, it replies but it tries to send towards the provider side because it thinks that it already is locally connected to that network. Additionally, Your provider is probably filtering private addressing and doesn't have a route to it for the PIX itself, and that is why you can't ping farther.
My advice, if you were only given a Class C mask on that segment connecting to the Provider, and they don't want to change the mask to give you another network to work with, then I would NAT on the Internet Router instead.
If you could send a little more info. on the networks and their masks and their current routing table, I could give you a more exact solution because I am only working with what you posted. -Later
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
292
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
307
Johnkite
Johnkite
ISDPCMAN
  • Locked
  • Question
RDP fails over VPN
Replies
1
Views
128
gkittelson
gkittelson
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
71
brownmab53
brownmab53
sudhakar346
  • Locked
  • Question
Cisco ASA inside to DMZ issue over public IP
Replies
2
Views
102
kythri
kythri

Part and Inventory Search

Sponsor

Back
Top