I thought that's what I had?
conduit (inside,outside) xxx.yyy.115.172 25 tcp 172.20.18.172 255.255.255.255
                        (outside address) (port)  (ip addr of host to reach)
                                                  (inside address)

If I'm misunderstanding, could you rewrite the statement above to
demonstrate what you mean?
Please keep in mind this is ver 4.1.4; 'any' is not a valid part of the
conduit statement, and the PIX complains when I use 'any' in the command.

At 4/7/2002 12:59 AM, Daniel Cotts reminisced:
>Conduit should be outside address of local machine (xxx.yyy.115.172) then
>port to be reached (25 tcp) then address and subnet mask of remote hosts
>wishing access. any = 0.0.0.0 0.0.0.0. It could be a single address; but I'd
>expect to see a routable address.
>
> > -----Original Message-----
> > From: Robert T. Repko (R Squared Consultants)
> > [mailto:[EMAIL PROTECTED]]
> > Sent: Saturday, April 06, 2002 10:23 PM
> > To: [EMAIL PROTECTED]
> > Subject: Cisco PIX question, static, conduit, and alias [7:40722]
> >
> >
> > I am having a problem getting to the inside Mail/Web servers from the
> > outside and I can't determine why.
> >
> > I'm replacing an old Cisco 7000 router with a new 7206 VXR.  I'm also
> > reconfiguring the way their PIX was set up.  The servers were configured
> > with outside addresses (the PIX had a 'nat 0 xxx.yyy.115.0' statement)
> > which made them vulnerable.  I am moving them to an inside address and
> > building a conduit from the outside to the inside.
> >
> > In order to leave their old network up and running while I configured the
> > 7206VXR, I used my PIX 506 (Ver 5.x) for configuration purposes.  I had
> > everything configured and working.  Then over the Easter holiday I
> > configured their PIX trying to use the same statements that I had in my
> > PIX 506.  This is where I ran into problems.  Since they are running such
> > an old version (Ver 4.1.4) of the IOS, I could not use the same exact
> > commands.  I'm not as familiar with the PIX 4.1.4 commands and obviously
> > have something stated incorrectly.  Below I have what I believe to be the
> > pertinent information from both the 7206 and PIX.  Can someone tell me
> > where I went wrong?  The xxx.yyy represent the same 2 octets throughout
> > both configs.  Any help greatly appreciated.
> >
> > Cisco 7206 VXR
> >
> > interface FastEthernet0/1
> >   description ** Firewall Connection (inside area)**
> >   ip address xxx.yyy.115.18 255.255.255.240 secondary
> >   ip address 172.20.19.3 255.255.255.0
> >
> > ip route 0.0.0.0 0.0.0.0 xxx.yyy.253.129            !(points to the ISP)
> > ip route xxx.yyy.115.0 255.255.255.0 xxx.yyy.115.17 !(points to the PIX)
> >
> >
> > Cisco PIX 4.1.4 (this is just a PIX, not a PIX 515 or 525)
> >
> > interface 0: ip address outside xxx.yyy.115.17 mask 255.255.255.240
> > interface 1: ip address inside 172.20.19.4 mask 255.255.255.0
> >
> > global (outside) 1 xxx.yyy.115.14-xxx.yyy.115.14
> > global (outside) 1 xxx.yyy.115.7-xxx.yyy.115.13
> >
> > static (inside,outside) xxx.yyy.115.172 172.20.18.172 0 255
> > static (inside,outside) xxx.yyy.115.190 172.20.21.241 0 255
> >
> > conduit (inside,outside) xxx.yyy.115.172 25 tcp 172.20.18.172 255.255.255.255
> > conduit (inside,outside) xxx.yyy.115.172 110 tcp 172.20.18.172 255.255.255.255
> > conduit (inside,outside) xxx.yyy.115.190 80 tcp 172.20.21.241 255.255.255.255
> >
> > alias (inside) 172.20.21.241 xxx.yyy.115.190 255.255.255.255
> > alias (inside) 172.20.18.210 xxx.yyy.115.174 255.255.255.255
> > alias (inside) 172.20.18.172 xxx.yyy.115.172 255.255.255.255
> >
> > route outside 0.0.0.0 0.0.0.0 xxx.yyy.115.18 1
> > route inside 192.168.0.0 255.255.0.0 172.20.19.3 1
> > route inside 172.21.0.0 255.255.0.0 172.20.19.3 1
> > route inside 172.20.0.0 255.255.0.0 172.20.19.3 1
> > route inside 172.16.0.0 255.255.0.0 172.20.19.3 1
> >
> > *******************************************************************************
> > * Robert T. Repko - R Squared Consultants       |    Voice: (610) 253-2849    *
> > * Serving the Computing World for 20 years      |      Fax: (610) 253-0725    *
> > * NT/UNIX/MAC Networking, Cisco Routers/Switches| Internet: [EMAIL PROTECTED]  *
> > * Custom Programming                            |  Address: 4 Juniper Ave.    *
> > * NJDOE Provider ID#: 763 | SPIN: 143010681     |           Easton, PA 18045  *
> > *******************************************************************************




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40737&t=40722
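
A lint for the mismatch Daniel Cotts describes, as an added example that is not part of the original thread: it assumes the argument order he gives (outside address, port, protocol, then address and mask of the remote hosts) and flags conduits whose remote-host field is the server's own inside address. The function name, finding codes and the last two sample lines are constructed for illustration.

```python
import re

# Argument order assumed from the reply in this thread:
# conduit (inside,outside) <outside addr> <port> <proto> <remote addr> <remote mask>
STATIC_RE = re.compile(r"^static \(\w+,\w+\) (\S+) (\S+)")
CONDUIT_RE = re.compile(r"^conduit \(\w+,\w+\) (\S+) (\S+) (\w+) (\S+)(?: (\S+))?$")

# Constructed sample: the first four lines are from the thread, the last two are made up.
SAMPLE = """
static (inside,outside) xxx.yyy.115.172 172.20.18.172 0 255
static (inside,outside) xxx.yyy.115.190 172.20.21.241 0 255
conduit (inside,outside) xxx.yyy.115.172 25 tcp 172.20.18.172 255.255.255.255
conduit (inside,outside) xxx.yyy.115.172 110 tcp 172.20.18.172 255.255.255.255
conduit (inside,outside) xxx.yyy.115.190 80 tcp 0.0.0.0 0.0.0.0
conduit (inside,outside) xxx.yyy.115.174 25 tcp 0.0.0.0 0.0.0.0
"""

def lint_conduits(config):
    """Return one (code, port/proto, outside_addr) finding per conduit line."""
    statics, conduits = {}, []
    for raw in config.splitlines():
        line = " ".join(raw.split())  # normalise whitespace left by mail wrapping
        if m := STATIC_RE.match(line):
            statics[m.group(1)] = m.group(2)  # outside addr -> inside addr
        elif m := CONDUIT_RE.match(line):
            conduits.append(m.groups())
    findings = []
    for outside, port, proto, remote, mask in conduits:
        if outside not in statics:
            code = "NO_STATIC"              # conduit refers to an untranslated address
        elif remote == statics[outside]:
            code = "REMOTE_IS_INSIDE_HOST"  # only the server's own inside address is permitted
        elif (remote, mask) == ("0.0.0.0", "0.0.0.0"):
            code = "OPEN_TO_ANY"            # any outside host may reach this port
        else:
            code = "RESTRICTED"             # limited to a specific remote host or network
        findings.append((code, f"{port}/{proto}", outside))
    return findings

if __name__ == "__main__":
    for finding in lint_conduits(SAMPLE):
        print(*finding)
```
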