> >sounds like you might want to hire a consultant. Thanks for your suggestion, but I'm trying to play at being the consultant!
Since I'm getting no cooperation from the ISP, I have modified my config to: 1. Use global address 80.80.80.171-4/26 on router WAN link to ISP a la regular proxy connection with default-gateway as ISP router, with .1 on router fa0/0 2. Use rfc1918 address 172.16.10.1/24 on router fa0/1 internal int to PIX, and .2 on PIX e0/0 outside interface 3. On router, PAT all 172.16.10.0/24 addresses (except 172.16.10.3) and overload on fa0/0, WAN interface to ISP. 4. On router, statically NAT 172.16.10.3 to 80.80.80.172 for Exchange 5. On PIX, Use rfc1918 VPN address 10.240.77.0/24 for inside ntwork; .1 as PIX inside interface, and .3 for Exchange. 6. On PIX, PAT all inside hosts to 172.16.10.4 for internet traffic and statically NAT Exchange at 10.240.77.3 to 172.16.10.3 excempted in 3 above. With the config I have double NAT/PAT on router and PIX. Now, I can ping Internet hosts from router, but not PIX's directly connected interface. Same with PIX, ping succeeds from PIX to Exchange, but not to router. My NAT/PAT on router and PIX are translating, but I cant get thru the PIX. I will solve this somehow if the problem is with the configs, but hope someone will kindly answer my questions below: 1. Must my addressing on PIX outside be global? Is my use of 172.16.0.0 invalid for the scenario? Can this be responsible for the ping failure? Can this be corrected by using "fake" global addresses? 2. Aside from latency due to the double NAT/PAT, which wont bode well for voice and other real-time traffic, what other potential issues can I expect from the config? TIA _________________________________________________________________ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57311&t=57193 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
