Clifford Thurber wrote:
[EMAIL PROTECTED]"> This is correct is should be:
static(more_more_secure_int less_secure_int) local local netmask netmask 255....
At 09:29 AM 4/18/2002 -0400, Fei Yang wrote:
1. Shouldn't the static command be static (inside,outside) <inside_global_ip> <inside_local_ip> netmask 255.255.255.255, rather than (outside,inside)?
2. For communications between two local hosts, you should use inside local address, rather than their global address. PIX will not translate the inside global IP to the inside local IP on the INSIDE interface. PIX does this translation on the OUTSIDE interface.
If you need to let inside host to access some other inside host by its public IP address, say the target host is a web server, you might need to configure alias.
Fei.
-----Original Message-----
From: David Ishmael [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 17, 2002 3:29 PM
To: [EMAIL PROTECTED]
Subject: PIX Translation Issues
All:
I've got a PIX with two interfaces. The outside interface has a public address space while the inside interface has a private address space. The problem I'm having is that the internal devices can't ping external (public) address mappings. For example:
static (outside, inside) 123.123.123.123 10.10.10.123 netmask 255.255.255.255 0 0
static (outside, inside) 123.123.123.124 10.10.10.124 netmask 255.255.255.255 0 0
When 10.10.10.123 tries to connect to 123.123.123.124 I get the following error message via syslog:
-> regular translation creation failed for tcp src inside:10.10.10.123/3737 dst outside:123.123.123.124/110.
I've checked to make sure that the access-list is permitting the connection and its wide open. Any ideas on what I'm doing wrong?
--
David Ishmael, CCNA/IVCP
Sr. Engineer, Windward Consulting Group
2300 Corporate Park Drive
Suite 400
Herndon, VA 20171
<mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]
(571) 332-6234
"Engineers don't think outside the box, they redesign it"
EMAIL DISCLAIMER
The information contained in this message, and any attachment, is confidential and proprietary information, and may be legally privileged. It is intended for the above named recipient(s) only and is transmitted in confidence. It should be safeguarded to prevent unauthorized, negligent, or inadvertent use or disclosure. This message is proprietary to Windward Consulting Group, Inc. and may not be disclosed, forwarded, distributed, or reproduced, without the express permission of Windward.
If this message is received in error, the sender should be notified and the message and any attachments deleted.
Email transmission cannot be guaranteed to be secure or error free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of email transmission.
©2002 Windward Consulting Group, Inc
_______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
David Ishmael, CCNA/IVCP
Sr. Engineer, Windward Consulting Group
2300 Corporate Park Drive
Suite 400
Herndon, VA 20171
[EMAIL PROTECTED]
(571) 332-6234
"Engineers don't think outside the box, they redesign it"
The information contained in this message, and any attachment, is confidential
and proprietary information, and may be legally privileged. It is intended
for the above named recipient(s) only and is transmitted in confidence. It
should be safeguarded to prevent unauthorized, negligent, or inadvertent
use or disclosure.
This message is proprietary to Windward Consulting Group, Inc. and may
not be disclosed, forwarded, distributed, or reproduced, without the express
permission of Windward.
If this message is received in error, the sender should be notified and
the message and any attachments deleted.
Email transmission cannot be guaranteed to be secure or error free as information
could be intercepted, corrupted, lost, destroyed, arrive late or incomplete,
or contain viruses. The sender therefore does not accept liability for any
errors or omissions in the contents of this message which arise as a result
of email transmission.
©2002 Windward Consulting Group, Inc
_______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
