Conduit should be the outside address of the local machine (xxx.yyy.115.172), then the port to be reached (25 tcp), then the address and subnet mask of the remote hosts wishing access. Any = 0.0.0.0 0.0.0.0. It could be a single address, but I'd expect to see a routable address.

> -----Original Message-----
> From: Robert T. Repko (R Squared Consultants) [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, April 06, 2002 10:23 PM
> To: [EMAIL PROTECTED]
> Subject: Cisco PIX question, static, conduit, and alias [7:40722]
>
> I am having a problem getting to the inside Mail/Web servers from the
> outside and I can't determine why.
>
> I'm replacing an old Cisco 7000 router with a new 7206 VXR. I'm also
> reconfiguring the way their PIX was set up. The servers were configured
> with outside addresses (the PIX had a 'nat 0 xxx.yyy.115.0' statement),
> which made them vulnerable. I am moving them to an inside address and
> building a conduit from the outside to the inside.
>
> In order to leave their old network up and running while I configured the
> 7206VXR, I used my PIX 506 (Ver 5.x) for configuration purposes. I had
> everything configured and working. Then over the Easter holiday I
> configured their PIX trying to use the same statements that I had in my PIX
> 506. This is where I ran into problems. Since they are running such an
> old version (Ver 4.1.4) of the IOS, I could not use the same exact
> commands. I'm not as familiar with the PIX 4.1.4 commands and obviously
> have something stated incorrectly. Below I have what I believe to be the
> pertinent information from both the 7206 and PIX. Can someone tell me
> where I went wrong? The xxx.yyy represent the same 2 octets throughout
> both configs. Any help greatly appreciated.
>
> Cisco 7206 VXR
>
> interface FastEthernet0/1
>  description ** Firewall Connection (inside area)**
>  ip address xxx.yyy.115.18 255.255.255.240 secondary
>  ip address 172.20.19.3 255.255.255.0
>
> ip route 0.0.0.0 0.0.0.0 xxx.yyy.253.129 !(points to the ISP)
> ip route xxx.yyy.115.0 255.255.255.0 xxx.yyy.115.17 !(points to the PIX)
>
> Cisco PIX 4.1.4 (this is just a PIX, not a PIX 515 or 525)
>
> interface 0: ip address outside xxx.yyy.115.17 mask 255.255.255.240
> interface 1: ip address inside 172.20.19.4 mask 255.255.255.0
>
> global (outside) 1 xxx.yyy.115.14-xxx.yyy.115.14
> global (outside) 1 xxx.yyy.115.7-xxx.yyy.115.13
>
> static (inside,outside) xxx.yyy.115.172 172.20.18.172 0 255
> static (inside,outside) xxx.yyy.115.190 172.20.21.241 0 255
>
> conduit (inside,outside) xxx.yyy.115.172 25 tcp 172.20.18.172 255.255.255.255
> conduit (inside,outside) xxx.yyy.115.172 110 tcp 172.20.18.172 255.255.255.255
> conduit (inside,outside) xxx.yyy.115.190 80 tcp 172.20.21.241 255.255.255.255
>
> alias (inside) 172.20.21.241 xxx.yyy.115.190 255.255.255.255
> alias (inside) 172.20.18.210 xxx.yyy.115.174 255.255.255.255
> alias (inside) 172.20.18.172 xxx.yyy.115.172 255.255.255.255
>
> route outside 0.0.0.0 0.0.0.0 xxx.yyy.115.18 1
> route inside 192.168.0.0 255.255.0.0 172.20.19.3 1
> route inside 172.21.0.0 255.255.0.0 172.20.19.3 1
> route inside 172.20.0.0 255.255.0.0 172.20.19.3 1
> route inside 172.16.0.0 255.255.0.0 172.20.19.3 1
>
> *******************************************************************************
> * Robert T. Repko - R Squared Consultants       | Voice:    (610) 253-2849    *
> * Serving the Computing World for 20 years      | Fax:      (610) 253-0725    *
> * NT/UNIX/MAC Networking, Cisco Routers/Switches| Internet: [EMAIL PROTECTED] *
> * Custom Programming                            | Address:  4 Juniper Ave.    *
> * NJDOE Provider ID#: 763 | SPIN: 143010681     |           Easton, PA 18045  *
> *******************************************************************************

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40725&t=40722
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
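
The field order given in the reply at the top of this thread (outside address, port, then the address and mask of the remote hosts) can be checked mechanically. The following Python lint is an added example, not part of either message; `lint_conduits` is a hypothetical name, and the sample uses 203.0.113.0/24 as a constructed stand-in for the masked xxx.yyy.115.0 network.

```python
import ipaddress
import re

# Constructed sample in the PIX 4.x syntax quoted above; 203.0.113.0/24
# (documentation range) stands in for the masked xxx.yyy.115.0 network.
SAMPLE = """\
static (inside,outside) 203.0.113.172 172.20.18.172 0 255
static (inside,outside) 203.0.113.190 172.20.21.241 0 255
conduit (inside,outside) 203.0.113.172 25 tcp 172.20.18.172 255.255.255.255
conduit (inside,outside) 203.0.113.172 110 tcp 0.0.0.0 0.0.0.0
conduit (inside,outside) 203.0.113.190 80 tcp 172.20.21.241 255.255.255.255
conduit (inside,outside) 203.0.113.174 80 tcp 0.0.0.0 0.0.0.0
"""

# static: outside (global) address, then inside (local) address.
STATIC = re.compile(r"^static \(inside,outside\) (\S+) (\S+)")
# conduit: outside address, port, protocol, remote address, remote mask.
CONDUIT = re.compile(r"^conduit \(inside,outside\) (\S+) \S+ \S+ (\S+) \S+")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def lint_conduits(config):
    """Return (line_number, problem) for each conduit that looks wrong."""
    lines = [line.strip() for line in config.splitlines()]
    # outside address -> inside address, taken from the static statements
    statics = dict(m.groups() for m in map(STATIC.match, lines) if m)
    findings = []
    for no, line in enumerate(lines, 1):
        m = CONDUIT.match(line)
        if not m:
            continue
        global_ip, remote_ip = m.groups()
        remote = ipaddress.ip_address(remote_ip)
        if global_ip not in statics:
            problem = "no static defines outside address " + global_ip
        elif remote_ip == statics[global_ip]:
            problem = "remote field holds the server's own inside address"
        elif any(remote in net for net in RFC1918):
            problem = "remote field is a private (non-routable) address"
        else:
            continue
        findings.append((no, problem))
    return findings


if __name__ == "__main__":
    for no, problem in lint_conduits(SAMPLE):
        print(f"line {no}: {problem}")
```

Lines 3 and 5 of the sample repeat the pattern in the quoted configuration, where the last two conduit fields carry the server's inside address instead of the remote hosts allowed to connect.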