Hi there chaps, I have a PIX running 6x software with 3 interfaces:
outside - sec0 (public IP address) inside - sec100 (10.1.1.253/24) office - sec90 (10.75.4.253/24) At the moment I have it configured so hosts on the inside interface can access the internet (natted to interface ip on outside) and access various networks over VPN (no nat). Hosts on the office network can also access the internet (natted the same as inside). What I'm trying to figure out is how I can get hosts on the office network to access hosts on the inside network without their addresses being translated. I've built an access-list and applied it to the office interface which is straight forward and I've added the following static: static (office,inside) 10.75.4.0 10.75.4.0 netmask 255.255.255.0 0 0 However I'm not getting any connectivity, so I added: access-list office_outbound_nat0_acl permit ip host 10.75.4.1 10.1.1.0 255.255.255.0 nat (office) 0 access-list office_outbound_nat0_acl At the moment I'm not getting any hits on office_outbound_nat0_acl and no traffic is getting across either, the logs say: 305005: No translation group found for icmp src office:10.75.4.1 dst inside:10.1.1.250 (type 8, code 0) Which matches up with the traffic I'm sending! Can someone assist me so I know what I'm doing wrong? Thank you for your time. W. _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/