
TOPIC: NAT not working

NAT not working 10 years 8 months ago #13729

  • eeee
I have a VoIP phone behind a PIX 501 working fine. I wanted to have a data connection as well, so I created a DHCP pool and ACLs only for IPsec. The following configuration is only working for the VoIP phone, not working for the data connection. NAT does not work. Can anyone see what is wrong?

Thank you

Ee


PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100

access-list 101 permit ip host 10.168.20.17 10.168.10.0 255.255.255.128
access-list 101 permit ip host 10.168.20.17 10.168.17.0 255.255.255.0
access-list 101 permit ip host 10.168.20.17 10.168.11.0 255.255.255.0

ip address outside dhcp setroute
ip address inside 10.168.20.22 255.255.255.248

global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 10.168.20.18 255.255.255.255 0 0

sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map newmap 10 ipsec-isakmp
crypto map newmap 10 match address 101
crypto map newmap 10 set peer 11.27.19.20
crypto map newmap 10 set transform-set myset
crypto map newmap interface outside
isakmp enable outside
isakmp key xx address 11.27.19.20 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 1000

console timeout 0
dhcpd address 10.168.20.17-10.168.20.21 inside
dhcpd dns 10.168.10.2
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd option 66 ascii 10.168.10.1
dhcpd option 150 ip 10.168.10.1 10.168.10.2
dhcpd enable inside

Re: NAT not working 10 years 7 months ago #14568

  • ramasamy
Hi,

You have made a small mistake. Your config is

global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 10.168.20.18 255.255.255.255 0 0

Instead of that, you have to give

global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 10.168.20.16 255.255.255.248 0 0
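
Added example, not part of either post above: a small Python check that lists which addresses in the `dhcpd address` pool are not matched by any dynamic `nat`/`global` pair, run against the posted lines and against the lines from the reply. The function name `untranslated_pool_hosts` is hypothetical, and the parser assumes only the PIX 6.3 line forms that appear in this thread.

```python
import ipaddress
import re

# Constructed sample: the relevant lines from the configuration posted above.
POSTED = """\
ip address inside 10.168.20.22 255.255.255.248
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 10.168.20.18 255.255.255.255 0 0
dhcpd address 10.168.20.17-10.168.20.21 inside
"""
# The same lines with the nat statement from the reply.
SUGGESTED = POSTED.replace("10.168.20.18 255.255.255.255",
                           "10.168.20.16 255.255.255.248")

# Matches only the "nat (if) id address mask" form, not "nat (if) 0 access-list".
NAT_RE = re.compile(r"^nat \((\w+)\) (\d+) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)", re.M)
GLOBAL_RE = re.compile(r"^global \(\w+\) (\d+) ", re.M)
POOL_RE = re.compile(r"^dhcpd address (\S+)-(\S+) (\w+)", re.M)


def untranslated_pool_hosts(config):
    """Return DHCP pool addresses that no dynamic nat/global pair covers."""
    global_ids = set(GLOBAL_RE.findall(config))
    covered = {}  # interface name -> networks that have a usable nat rule
    for iface, nat_id, addr, mask in NAT_RE.findall(config):
        # nat id 0 means "do not translate", and a nat id with no matching
        # global id has no address to translate to.
        if nat_id == "0" or nat_id not in global_ids:
            continue
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        covered.setdefault(iface, []).append(net)
    missing = []
    for start, end, iface in POOL_RE.findall(config):
        first = int(ipaddress.ip_address(start))
        last = int(ipaddress.ip_address(end))
        for value in range(first, last + 1):
            host = ipaddress.ip_address(value)
            if not any(host in net for net in covered.get(iface, [])):
                missing.append(str(host))
    return missing


if __name__ == "__main__":
    print("posted config:   ", untranslated_pool_hosts(POSTED))
    print("suggested config:", untranslated_pool_hosts(SUGGESTED))
```

With the posted lines only 10.168.20.18 has a dynamic translation; with the /29 statement from the reply every pool address does.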