I'm doing something very similar on a customer network recently installed. Double NAT'ing works just fine provided you have the appropriate paths to and from the other end.
In my case I have Clinic-----Umbrella_Org_Router-----PIX-----internet Clinics have a hodgepodge of addresses. I NAT from the Clinic into the Umbrella_Org's network, and if the destination is the internet there is a second NAT to public IP space. First thing I would check is the existence of a path from the PIX back to the source of the original network. In my case I had to configure static routes from the PIX back to the source. -- www.chuckslongroad.info like my web site? take the survey! ""Paul"" wrote in message news:200210112221.WAA32689@;groupstudy.com... > Hi guys ... > > Workstation 10.10.10.10 gets NATed to 20.20.20.20 at R1, traverses the WAN > Link through R2 onto the DMZ, 20.20.20.20 then gets NATed to 30.30.30.30 by > the PIX 515 and traverses onto the Private LAN. > > > Workstation---------------------R1-----------(WAN)----------------R2-------- - > ----------(DMZ)-----------------PIX--------------(Private > LAN)--------------Server > 10.10.10.10 -> NAT to 20.20.20.20 > NAT from 20.20.20.20 to 30.30.30.3 30.30.30.30 > > It is required that NAT be used to mask the IP address of 30.30.30.30 upon > return to the workstation 10.10.10.10. I can NAT fine over R1 and into the > DMZ, this works fine. However, the 2nd NAT is not working through the PIX > !!!!! Workstation 10.10.10.10 pings 30.30.30.30 and gets a reply from > 20.20.20.20 ??? I guess the reply shoulb be from 30.30.30.30 !! > > Are there any pitfalls to be aware of when double NATing ???? I have NAT'de > before on a PIX but not with a router. > > I have no idea why the second NAT on the PIX does not work ... > > Any input would be greatly appreciated .. > > Kind Regards > > Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55440&t=55425 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
