the following scenario:
--- net1 --- PIX --- net2
              |
              |
             net3
The Pix runs OS 7.2. Computers reside in net2 and communicate with the world via net1. In net3 are a few hosts. Security levels are from net1 (low) to net2 (higher) to net3 (highest). Traffic from net2 to net1 will be neither NATed nor PATed. From net2 to net3 there should be PAT. The computers in net2 should be able to access two servers in net3.
interface Ethernet0
 nameif net1
 security-level 0
 ip address 192.168.178.2 255.255.255.0
!
interface Ethernet1
 nameif net2
 security-level 90
 ip address 192.168.179.1 255.255.255.0
!
interface Ethernet5
 nameif net3
 security-level 95
 ip address 192.168.0.3 255.255.248.0
!
access-list test extended permit icmp any any log
access-list test extended permit ip any any
access-list test-in extended permit icmp any any log
access-list test-in extended permit ip any any

nat-control
global (net3) 1 192.168.0.4
nat (net2) 1 192.168.179.0 255.255.255.0 outside
static (net2,net1) 192.168.179.0 192.168.179.0 netmask 255.255.255.0
access-group test-in in interface net2
access-group test out interface net3
route net1 0.0.0.0 0.0.0.0 192.168.178.1 1
route net3 10.1.0.0 255.255.0.0 192.168.1.254 1
So far the connections between net1 and net2 are working. But what is required to allow net2 to reach hosts in net3 with PAT?
Regards, Christoph Gartmann