I don't know about severely, but you are wrong.  To do dynamic PAT you use
the keyword "interface."  You don't have to specify the interface name
"outside" because PAT is only supported on the outside interface.

The config looks good to me.  This may sound stupid, but are the default
routes on the FTP and WWW servers set correctly?

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050



-----Original Message-----
From: Robert Edmonds [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2003 10:20 AM
To: [EMAIL PROTECTED]
Subject: Re: Port redirection on a PIX [7:73065]

With regards to these two lines:

> static (inside,outside) tcp interface ftp 192.168.0.1 ftp netmask
> 255.255.255.255 0 0
> static (inside,outside) tcp interface www 192.168.0.1 www netmask
> 255.255.255.255 0 0

I believe they should read:

static (inside, outside) tcp interface OUTSIDE ftp 192.168.0.1 ftp netmask
255.255.255.255
static (inside, outside) tcp interface OUTSIDE ftp 192.168.0.1 ftp netmask
255.255.255.255

If I am wrong, I'm sure I will be severely reprimanded...I mean corrected.


"NetEng" wrote in message
news:[EMAIL PROTECTED]
> I am still not able to connect to my web and ftp services. I have pasted the
> relative info below. Am I missing something or is my config wrong?
> :
> PIX Version 6.1(3)
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> access-list 101 permit icmp any any unreachable
> access-list 101 permit icmp any any time-exceeded
> access-list 101 permit icmp any any echo-reply
> access-list 102 permit tcp any any eq ftp
> access-list 102 permit tcp any any eq www
> pager lines 24
> interface ethernet0 10baset
> interface ethernet1 10full
> mtu outside 1500
> mtu inside 1500
> ip address outside dhcp setroute
> ip address inside 192.168.0.100 255.255.255.0
> global (outside) 1 interface
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> static (inside,outside) tcp interface ftp 192.168.0.1 ftp netmask
> 255.255.255.255 0 0
> static (inside,outside) tcp interface www 192.168.0.1 www netmask
> 255.255.255.255 0 0
> access-group 102 in interface outside
>
> Thanks for the help so far
>
>
> "Scott" wrote in message
> news:[EMAIL PROTECTED]
> > static (inside,outside) tcp interface ftp 10.1.1.3 ftp netmask
> > 255.255.255.255 0 0
> >
> > Scott
> > "NetEng" wrote in message
> > news:[EMAIL PROTECTED]
> > > I'm trying to do port redirection on my PIX and here's the example from
> > > Cisco. My problem is my outside interface is set for DHCP. How do I change
> > > the command to reflect a dynamic outside address?
> > >
> > > static (inside,outside) tcp 172.18.124.99 ftp 10.1.1.3 ftp netmask
> > > 255.255.255.255 0 0




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73690&t=73065
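
An added example, not part of the original thread or any Cisco tooling: a small Python audit that cross-checks each static port redirect in the quoted configuration against the access-list bound to the mapped interface, and flags permits that have no redirect behind them. It assumes the usual PIX rule that inbound traffic needs both a static and a permit in the ACL applied by access-group; the function name and sample text are constructed, and only the command forms quoted in the thread are parsed.

```python
import re

# Constructed sample: the PIX 6.1(3) lines quoted in the thread, with each
# wrapped static command joined onto one line.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list 102 permit tcp any any eq ftp
access-list 102 permit tcp any any eq www
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface ftp 192.168.0.1 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.0.1 www netmask 255.255.255.255 0 0
access-group 102 in interface outside
"""

# Only the command forms that appear in the thread are recognised.
STATIC_RE = re.compile(r"static \((\w+),\s*(\w+)\) (tcp|udp) \S+ (\S+) \S+ \S+")
PERMIT_RE = re.compile(r"access-list (\S+) permit (tcp|udp) any any eq (\S+)")
GROUP_RE = re.compile(r"access-group (\S+) in interface (\w+)")


def audit_port_redirects(config):
    """Return findings where static PAT entries and the bound ACL disagree."""
    redirects, permits, bound = set(), set(), {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            # (mapped interface, protocol, mapped port)
            redirects.add((m.group(2), m.group(3), m.group(4)))
        elif m := PERMIT_RE.match(line):
            permits.add(m.groups())          # (acl, protocol, port)
        elif m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)   # interface -> acl
    findings = []
    for iface, proto, port in sorted(redirects):
        acl = bound.get(iface)
        if acl is None:
            findings.append(f"{proto}/{port}: no access-group bound to {iface}")
        elif (acl, proto, port) not in permits:
            findings.append(f"{proto}/{port}: access-list {acl} lacks a permit")
    for iface, acl in sorted(bound.items()):
        for p_acl, proto, port in sorted(permits):
            if p_acl == acl and (iface, proto, port) not in redirects:
                findings.append(f"{proto}/{port}: permitted on {iface} but not redirected")
    return findings


if __name__ == "__main__":
    print(audit_port_redirects(SAMPLE_CONFIG) or "static entries and ACL agree")
```

Port names are compared as written, so a static that says `www` and a permit that says `80` would be reported as a mismatch.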