Thanks to Lisa Napier
and John Adams <[EMAIL PROTECTED]>; Carric Dooley <[EMAIL PROTECTED]>,
Alessandra Moura <[EMAIL PROTECTED]>
I took lisa's advice and did "clear xlate" 15 times!!
I also went to the internet router and did a "clear arp-cache"
That seemed to have done the trick.
Thanks
ameet
----- Original Message -----
From: Lisa Napier <[EMAIL PROTECTED]>
To: Ameet Chaubal <[EMAIL PROTECTED]>; John Adams <[EMAIL PROTECTED]>;
Carric Dooley <[EMAIL PROTECTED]>
Cc: Alessandra Moura <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, February 24, 2000 4:54 PM
Subject: Re: PIX stat translation not working
> Hi Ameet,
>
> Comments inline.
>
> At 08:17 AM 02/24/2000 -0500, Ameet Chaubal wrote:
> >Thanks for the replies.
> >
> >Here is my stat entry
> >
> >static (inside,outside) <class C ip address> 192.168.0.50
> >conduit permit tcp host <class C ip address> eq smtp any
> >conduit permit icmp any any
> >
> >The strange thing is 192.168.0.50 can go out to internet just fine.
> >If the stat entry was not correct, could he still do that?
>
> If the static entry was incorrect, but the host had grabbed an address
from
> the Global pool, then he could still go out to the internet.
>
> The static entry looks fine. If that host grabbed an address from the
> Global pool BEFORE the static was set up, that could be a problem.
> Configuring the static should clear the previous translation, but in some
> cases it does not. Have you tried a "clear xlate" command on the system?
>
> >All my dynamic NAT entries (mappings from global pool) work just fine.
> >My static global address is not part of the global pool also.
>
> Good.
>
> >My last resort as Lisa suggested would be to ask cisco to open the box
and
> >take a look at it.
> >Thanks again to all of you
> >
> >ameet
>
>
> Do a 'clear xlate' before you call Cisco. If that doesn't work, give Cisco
> a call.
>
> Good luck,
>
> Lisa Napier
> Product Security Incident Response Team
> Cisco Systems
> http://www.cisco.com/warp/public/707/sec_incident_response.shtml
>
>
>
>
> >----- Original Message -----
> >From: John Adams <[EMAIL PROTECTED]>
> >To: Carric Dooley <[EMAIL PROTECTED]>
> >Cc: Ameet Chaubal <[EMAIL PROTECTED]>; Alessandra Moura
> ><[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> >Sent: Wednesday, February 23, 2000 10:28 PM
> >Subject: Re: PIX stat translation not working
> >
> >
> > > On Wed, 23 Feb 2000, Carric Dooley wrote:
> > >
> > > > tip a: use the GUI tool.
> > >
> > > This is NEVER a good answer. You don't learn anything this way and
can't
> > > fix things when they break. It's like using a calculator to do math.
> > >
> > > > tip b: make sure your conduits/translations are not backwards
(please
> > > > don't take that the wrong way.. I have fixed more than one PIX fw
that
> > > > had the translations backwards).
> > >
> > > If Cisco hadn't reversed the order a few versions ago , none of us
would
> > > have this problem.
> > >
> > > -john
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
> >
> >-
> >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> >"unsubscribe firewalls" in the body of the message.]
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
