I'm trying to set up PAT for another internal network. Currently the 192.168.5.0/24 and 192.168.8.0/24 networks are behind our PIX firewall (actually there is a router to handle each subnet). When someone tries to access the web from the 192.168.5.0 network, if I do a sh capture it shows the 192.168.5.0 address correctly translated to the outside address of the PIX (for example 10.10.10.2). Everything works fine.

However, on the 192.168.8.0/24 network, it doesn't work. Their default route is to send it to the router at 192.168.5.254, and then it routes it to the 192.168.5.1 address on the PIX. However, if I watch the capture on the outside interface, it always shows the traffic leaving with the IP of 192.168.8.x, instead of using the outside IP. So, I know it's getting to and leaving the PIX, just using the wrong address. I'm trying to figure out why it's not translating it for that subnet.

Here are some lines from my config that may be relevant. Would appreciate any help...

PIX Version 6.3(3)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list inside permit ip 192.168.5.0 255.255.255.0 any
access-list inside permit ip 192.168.8.0 255.255.255.0 any
ip address outside 10.10.10.2 255.255.255.240
ip address inside 192.168.5.1 255.255.255.0
global (outside) 1 interface
global (dmz) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.0.0 255.255.0.0 0 0
static (inside,outside) 192.168.8.0 192.168.8.0 netmask 255.255.255.0 0 0
access-group outside in interface outside
access-group inside in interface inside
route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
route inside 192.168.8.0 255.255.255.0 192.168.5.254 1
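
Added example, not part of the original post and not Cisco code: a Python model of the lookup order PIX 6.x applies to the translation lines posted above, where a static entry is matched before a dynamic nat/global pair. The two sample hosts are constructed, and the nonat ACL, which the post does not show, is assumed not to match web-bound traffic.

```python
import ipaddress

# Translation-related lines copied from the config in the post above.
CONFIG = """\
ip address outside 10.10.10.2 255.255.255.240
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.0.0 255.255.0.0 0 0
static (inside,outside) 192.168.8.0 192.168.8.0 netmask 255.255.255.0 0 0
"""

def parse(config):
    """Collect the outside IP, global pool ids, nat rules and static rules."""
    rules = {"outside_ip": None, "globals": set(), "nat": [], "static": []}
    for line in config.splitlines():
        f = line.split()
        if f[:3] == ["ip", "address", "outside"]:
            rules["outside_ip"] = ipaddress.ip_address(f[3])
        elif f[:2] == ["global", "(outside)"] and f[3] == "interface":
            rules["globals"].add(f[2])
        elif f[:2] == ["nat", "(inside)"] and f[2] != "0":
            # nat (inside) <id> <network> <mask>
            rules["nat"].append((f[2], ipaddress.ip_network(f"{f[3]}/{f[4]}")))
        elif f[:2] == ["static", "(inside,outside)"]:
            # static (inside,outside) <mapped> <real> netmask <mask>
            real = ipaddress.ip_network(f"{f[3]}/{f[5]}")
            rules["static"].append((real, ipaddress.ip_address(f[2])))
        # "nat (inside) 0 access-list nonat" is skipped: the nonat ACL is not
        # shown in the post, so it is assumed not to match web-bound traffic.
    return rules

def translate(rules, src):
    """Return (rule_kind, source address seen on the outside interface)."""
    src = ipaddress.ip_address(src)
    # Static entries are consulted before dynamic nat/global pairs.
    for real, mapped in rules["static"]:
        if src in real:
            offset = int(src) - int(real.network_address)
            return "static", str(mapped + offset)
    for nat_id, net in rules["nat"]:
        if src in net and nat_id in rules["globals"]:
            return "pat", str(rules["outside_ip"])
    return "untranslated", str(src)

if __name__ == "__main__":
    rules = parse(CONFIG)
    for host in ("192.168.5.20", "192.168.8.20"):  # constructed sample hosts
        print(host, "->", translate(rules, host))
```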