> static (inside,dmz) 192.168.0.4 10.2.0.4 netmask 255.255.255.255 0 0
> static (inside,outside) 172.16.28.4 10.2.0.4 netmask 255.255.255.255 0 0

  Apparently, the second statement above is being taken as replacing the 
first, probably because of the duplicated 10.2.0.4 address.

DG


On 5 Dec 2001, at 20:45, Shaw, Dale wrote:

> Hi,
> 
> Can anyone explain this behaviour?
> 
> Inside is 10.2.0.0/16, DMZ is 192.168.0.0/24 and Outside is 172.16.28.0/24
> 
> firewall# show static
> static (dmz,outside) 172.16.28.2 192.168.0.2 netmask 255.255.255.255 0 0
> static (dmz,outside) 172.16.28.10 192.168.0.5 netmask 255.255.255.255 0 0
> static (inside,dmz) 192.168.0.3 10.2.0.3 netmask 255.255.255.255 0 0
> static (inside,dmz) 192.168.0.4 10.2.0.4 netmask 255.255.255.255 0 0
> static (inside,dmz) 192.168.0.6 10.2.0.5 netmask 255.255.255.255 0 0
> static (inside,outside) 172.16.28.4 10.2.0.4 netmask 255.255.255.255 0 0
> static (inside,outside) 172.16.28.5 10.2.0.5 netmask 255.255.255.255 0 0
> static (inside,outside) 172.16.28.7 10.2.0.14 netmask 255.255.255.255 0 0
> static (inside,outside) 172.16.28.8 10.2.0.28 netmask 255.255.255.255 0 0
> static (inside,outside) 172.16.28.11 10.2.0.78 netmask 255.255.255.255 0 0
> 
> firewall# show xlate state static
> Global 172.16.28.8 Local 10.2.0.28 static nconns 0 econns 0 flags s
> Global 172.16.28.10 Local 192.168.0.5 static nconns 0 econns 0 flags s
> Global 172.16.28.11 Local 10.2.0.78 static nconns 0 econns 0 flags s
> Global 172.16.28.4 Local 10.2.0.4 static nconns 1 econns 0 flags s
> Global 172.16.28.5 Local 10.2.0.5 static nconns 0 econns 0 flags s
> Global 172.16.28.7 Local 10.2.0.14 static nconns 0 econns 0 flags s
> Global 172.16.28.2 Local 192.168.0.2 static nconns 0 econns 0 flags s
> Global 192.168.0.6 Local 10.2.0.5 static nconns 0 econns 0 flags s
> Global 192.168.0.3 Local 10.2.0.3 static nconns 0 econns 0 flags s
> 
> As you can see, there are 10 static NAT mappings defined and only 9 appear
> when the 'show xlate state static' command is given. The missing mapping is
> the 4th one defined. I thought it might've been to do with the fact that
> there is an outside -> inside mapping as well as a dmz -> inside mapping to
> the same internal host, but mappings #5 and #7 are like this too.
> 
> As far as I can tell, this is not causing a problem, but it's a bit worrying
> that it doesn't appear. This particular system is running 4.4(8), which I
> realise is old. It's a PIX Classic with only 2MB of flash so upgrading is a
> little difficult to justify since it's a (decreasingly useful) test system.
> 
> Cheers,
> Dale
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls

