Hi Kent,
Thanks for catching what I missed on my first read! I guess I need to get some
glasses.
You're right on about the static syntax.
Thanks much,
Lisa Napier
Product Security Incident Response Team
Cisco Systems
http://www.cisco.com/warp/public/707/sec_incident_response.shtml
At 01:10 PM 05/22/2000 -0500, Kent Hundley wrote:
>Harry,
>
>Comments imbedded:
>
> >1. I mapped a single global address to an inside server target
> >static (inside,outside) 10.0.0.44 38.168.115.61 netmask
> >255.255.255.255 0 0
>
>
>Your syntax is incorrect, you static command should be:
>
>static (inside, outside) 38.168.115.61 10.0.0.44 netmask 255.255.255.255
>0 0
>
>IOW, it should be static(inside, outside) "outside-ip" "inside-ip"
>
>
> >
> >and then created 4 conduits so I could support port 80 and 443 transactions
> >
> > conduit permit tcp host 38.168.115.61 eq www any
> > conduit permit tcp host 10.0.0.44 eq www any
> > conduit permit tcp host 38.168.115.61 eq 443 any
> > conduit permit tcp host 10.0.0.44 eq 443 any
>
>
>You don't need the conduits to your inside addresses, only to your
>global IP's, in your case 38.168.115.61. You can delete the conduits to
>the 10 net addresses.
>
>I'm not suprised that you got "unpredictable results" using this
>configuration. :-)
>
>Here are a few pointers to some links on the Cisco site that should help
>you:
>
><http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/commands.htm#xtocid459365>
>
><http://www.cisco.com/warp/public/110/index.shtml#pix>
>
>HTH,
>Kent
>
>
>--
>##################################################
>Kent Hundley Lucent Networkcare
>CISSP, CCSE Sr. Network Consultant
>##################################################
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
