David, Question 15 of the Cisco Secure PIX Firewall FAQ (http://www.cisco.com/warp/customer/110/pixfaq.shtml#Q15) has the answer to your question. It also falls under the rule that the PIX is not a router and will not forward a packet back out the same interface that it came in on.
Bob -- Robert Sanderson , CCDA/CCNA/CSS1 ETRN.com, Inc. - http://www.ETRN.com/ (866) 271-ETRN David Ishmael wrote: > All: > > I've got a PIX with two interfaces. The outside interface has a > public address space while the inside interface has a private address > space. The problem I'm having is that the internal devices can't ping > external (public) address mappings. For example: > > static (outside, inside) 123.123.123.123 10.10.10.123 netmask > 255.255.255.255 0 0 > static (outside, inside) 123.123.123.124 10.10.10.124 netmask > 255.255.255.255 0 0 > > When 10.10.10.123 tries to connect to 123.123.123.124 I get the > following error message via syslog: > > -> regular translation creation failed for tcp src > inside:10.10.10.123/3737 dst outside:123.123.123.124/110. > > I've checked to make sure that the access-list is permitting the > connection and its wide open. Any ideas on what I'm doing wrong? > > -- > David Ishmael, CCNA/IVCP > Sr. Engineer, Windward Consulting Group > 2300 Corporate Park Drive > Suite 400 > Herndon, VA 20171 > [EMAIL PROTECTED] > (571) 332-6234 > > "Engineers don't think outside the box, they redesign it" > > EMAIL DISCLAIMER > The information contained in this message, and any attachment, is > confidential and proprietary information, and may be legally > privileged. It is intended for the above named recipient(s) only and > is transmitted in confidence. It should be safeguarded to prevent > unauthorized, negligent, or inadvertent use or disclosure. This > message is proprietary to Windward Consulting Group, Inc. and may not > be disclosed, forwarded, distributed, or reproduced, without the > express permission of Windward. > If this message is received in error, the sender should be notified > and the message and any attachments deleted. > > Email transmission cannot be guaranteed to be secure or error free as > information could be intercepted, corrupted, lost, destroyed, arrive > late or incomplete, or contain viruses. The sender therefore does not > accept liability for any errors or omissions in the contents of this > message which arise as a result of email transmission. > > �2002 Windward Consulting Group, Inc > _______________________________________________ Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
