The PIX does it backwards to the rest of Cisco. In conduits, it's destination, source not the other way around. Rodgers Moore ""Kristopher B. Climie"" <[EMAIL PROTECTED]> wrote in message 8pl3cd$8cu$[EMAIL PROTECTED]">news:8pl3cd$8cu$[EMAIL PROTECTED]... > It looks to me that you conduit is wrong. Your line is "conduit permit tcp > host 128.200.111.100 eq 135 host 128.200.111.150 eq 135" In plain english > what this says is, "Let any traffic originating from 128.200.111.100 on TCP > port 135 go to server 128.200.111.150, to TCP port 135." The key to the > reason that it is not working is the first "eq 135". Personally, I have not > found a way to specify what the originating port is at the server. Usually > the source port is a randomly generated port number, and the important one > is the destination port. The line should read, "conduit permit tcp host > 128.200.111.100 host 128.200.111.150 eq 135" > > K > > ----- > > Kristopher B. Climie, CCNP, CCPD > > <[EMAIL PROTECTED]> wrote in message > D528DF24AEBCD311A17700508B92CBBF101F47@NEWMAN">news:D528DF24AEBCD311A17700508B92CBBF101F47@NEWMAN... > > Hi, > > > > You need to add a static statement to the internal server but something > > that goes like that: > > Static (inside,outside/dmz-I didn't really understood from you mail where > it > > is located) 10.10.1.150 10.10.1.150. > > The conduit you already have. > > The static statement that I wrote actually say that IP address can be > reach > > but the appropriate conduit. > > This is the way I usually do it. > > > > > > GIL > > CCNA,CCDA > > > > -----Original Message----- > > From: SH Wesson [mailto:[EMAIL PROTECTED]] > > Sent: ??? ??? 11 ?????? 2000 13:14 > > To: [EMAIL PROTECTED] > > Subject: pix > > > > > > I am using a Cisco PIX 520 with an inside interface and an outside > > interface. I have > > the following scenario: > > > > Internal server has an address of 10.10.1.150, the external server has an > ip > > > > address > > of 128.200.111.100. The external server is in the dmz zone. The internal > > server has > > been assigned a global address 0f 128.200.111.150 that maps to the inside > > server > > of ip address 10.10.1.150. I want the external server of 128.200.111.100 > to > > > > be able to > > communicate with the inside server only through port 135. > > > > I assigned a static ip address to the inside host with the following > > command: > > > > static (inside,outside) 128.200.111.150 10.10.1.150 netmask > 255.255.255.255 > > 0 0 > > > > > > I assigned the permission for the external server to be able to access the > > inside > > server only via port 135 using the following command. > > > > conduit permit tcp host 128.200.111.100 eq 135 host 128.200.111.150 eq 135 > > > > > > Is this the right way of doing it? If I'm doing it wrong, can someone > show > > me how to do this. > > > > Thanks. > > _________________________________________________________________________ > > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. > > > > Share information about yourself, create your own public profile at > > http://profiles.msn.com. > > > > **NOTE: New CCNA/CCDA List has been formed. For more information go to > > http://www.groupstudy.com/list/Associates.html > > _________________________________ > > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > > FAQ, list archives, and subscription info: http://www.groupstudy.com > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > This email was scanned using ESPG @ PubliCom Haifa. > > > > **NOTE: New CCNA/CCDA List has been formed. For more information go to > > http://www.groupstudy.com/list/Associates.html > > _________________________________ > > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > > FAQ, list archives, and subscription info: http://www.groupstudy.com > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > **NOTE: New CCNA/CCDA List has been formed. For more information go to > http://www.groupstudy.com/list/Associates.html > _________________________________ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _________________________________ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
