<div>
<div class="content wysiwyg-content">
I have configured static network address translations (NAT) on a Cisco 2620 (IOS 12.2) router, the router shares same default gateway (PIX 515 6.3) as the destination hosts. Debugging ip packets on the router show that this traffic is being forwarded out the Ethernet0/0 interface. However, there is no echo-reply. I get icmp replies from the translated address for the PIX itself (172.20.6.1) and a device outside the firewall (172.20.6.98). Is the PIX redirecting or blocking icmp ? With this config, the overloaded address should be seen as on the source address by other hosts on the LAN. Right?<br />
<br />
ip nat inside source list nocnat interface Ethernet0/0 overload<br />
Ping successful -&gt; ip nat outside source static 192.168.221.1 172.20.6.1 ! default gateway/PIX<br />
Ping successful -&gt; ip nat outside source static xx.xx.xx.xx 172.20.6.98 ! host on outside of PIX<br />
!<br />
!ping tests to the following 172.20.6.0 addresses fail with 'no response'.<br />
ip nat outside source static 192.168.221.58 172.20.6.58<br />
ip nat outside source static 192.168.221.59 172.20.6.59<br />
ip nat outside source static 192.168.221.11 172.20.6.11<br />
<br />
Thanks in advance for any assistance.<br />
<br />

</div>
</div>


I have configured static network address translations (NAT) on a Cisco 2620 (IOS 12.2) router, the router shares same default gateway (PIX 515 6.3) as the destination hosts. Debugging ip packets on the router show that this traffic is being forwarded out the Ethernet0/0 interface. However, there is no echo-reply. I get icmp replies from the translated address for the PIX itself (172.20.6.1) and a device outside the firewall (172.20.6.98). Is the PIX redirecting or blocking icmp ? With this config, the overloaded address should be seen as on the source address by other hosts on the LAN. Right?

ip nat inside source list nocnat interface Ethernet0/0 overload
Ping successful -> ip nat outside source static 192.168.221.1 172.20.6.1 ! default gateway/PIX
Ping successful -> ip nat outside source static xx.xx.xx.xx 172.20.6.98 ! host on outside of PIX
!
!ping tests to the following 172.20.6.0 addresses fail with 'no response'.
ip nat outside source static 192.168.221.58 172.20.6.58
ip nat outside source static 192.168.221.59 172.20.6.59
ip nat outside source static 192.168.221.11 172.20.6.11

Thanks in advance for any assistance.



PIX blocking icmp-echo reply

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.

Networking

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

The Dynamic Host Configuration Protocol (DHCP) is an auto configuration protocol used on IP networks and an extension of the Bootstrap Protocol. DHCP allows for computers to be configured automatically to communicate with each other over an IP network without the need for manual setup by a network administrator. The implementation of DHCP relies on a DHCP server to hand out network configuration information to DHCP-capable clients that request an IP address (and other information required or useful in communicating with other devices on an IP network). In addition to an IP address, common configuration information served over DHCP includes a default gateway, subnet mask and DNS sever(s).