All,
I have a head scratcher, brief details and topology:
DMZ - 172.18.1.0 / PIX 515 6.3(4) --outside X.X.X.X / inside
192.168.X.X + other networksOn the inside of the PIX I have various route statements to several networks. One of these is 172.31.0.0/16.
I use my DMZ router 172.18.1.X to connect to a number of other routers (via the outside interface of the PIX). These routers sit behind a Concentrator and use Loopback addresses in range 172.31.233.0/24.
The traffic off the DMZ in no-nated.
My problem, I am simply getting no hits on either my no-nat list or accompanying access-list on the PIX.
e.g.
access-list nonat permit ip 172.18.1.0 255.255.255.0 172.31.233.0
255.255.255.0access-list blah permit ip 172.18.1.0 255.255.255.0 172.31.233.0
255.255.255.0There is a default route on the PIX pointing to the outside router. Talking to my colleague he seems to think the PIX will be forwarding my
172.31.233.0 traffic towards the 172.31.0.0/16 entry on the inside. I am sure that the PIX wouldn't, either way, I cannot understand why I have not hits in my no-nat etc.The above access-list & nonat entries are just 'tagged on additions' to the bottom of pre-configured working lists.
Anyone have any suggestions ?
Regards
Darren
------