RE: PIX without NAT. [7:48593]
Hi, I tried it before. Without NAT it didn't work, but you can do it using NAT; translating IP address to the same IP address. I suppose it's related to stateful inspection. Bulent -Original Message- From: Ivan [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 11, 2002 6:27 PM To: [EMAIL PROTECTED] Subject: PIX without NAT. [7:48593] Hello all, I have simple pix problems, can anyone help me?(Thank you very much) If I have a pix have two interface as the following: inside: 10.10.10.1 / 24 outside : 192.168.1.1 / 24 and without nat (nat 0 0 0), I think that that must can allow inside hosts to access outside, but can I allow the outside PC to access the inside's hosts? e.g. access-list 10 permit tcp any host 10.10.10.2 eq smtp (or any services) Thank you very much for your help Regards, Ivan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48660t=48593 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX without NAT. [7:48593]
Hi, I think there is misunderstanding about NAT. I used NAT as Network Address Translation, not the command. According to my knowledge the static command is used for Network Address Translation and with the command static (inside,outside) 10.10.10.2 10.10.10.2 netmask 255.255.255.255 0 0, an address translantion definition from 10.10.10.2 to 10.10.10.2 can be created. Bulent -Original Message- From: Ufuk Yasibeyli [mailto:[EMAIL PROTECTED]] Sent: Friday, July 12, 2002 11:23 AM To: [EMAIL PROTECTED] Subject: RE: PIX without NAT. [7:48593] Hi, If I understand correctly, this cas has nothing to do with NAT. All you need to do is to create a static command. If you don't need to change address, use the same address for both inside and outside host. Here is the example : static (inside,outside) 10.10.10.2 10.10.10.2 netmask 255.255.255.255 0 0 This is required to allow traffic from a low security interface to a high security interface. In addition to static command, an access list is also required. This is working in a couple of my production environments. Best Regards, Ufuk Yasibeyli [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of B|lent ^ahin Sent: 12 Temmuz 2002 Cuma 10:25 To: [EMAIL PROTECTED] Subject: RE: PIX without NAT. [7:48593] Hi, I tried it before. Without NAT it didn't work, but you can do it using NAT; translating IP address to the same IP address. I suppose it's related to stateful inspection. Bulent -Original Message- From: Ivan [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 11, 2002 6:27 PM To: [EMAIL PROTECTED] Subject: PIX without NAT. [7:48593] Hello all, I have simple pix problems, can anyone help me?(Thank you very much) If I have a pix have two interface as the following: inside: 10.10.10.1 / 24 outside : 192.168.1.1 / 24 and without nat (nat 0 0 0), I think that that must can allow inside hosts to access outside, but can I allow the outside PC to access the inside's hosts? e.g. access-list 10 permit tcp any host 10.10.10.2 eq smtp (or any services) Thank you very much for your help Regards, Ivan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48664t=48593 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OOB Testing [7:45556]
If you have experience on Perl, you can write your script easily using modules NET::Telnet::Cisco and Mail::Sender. Bulent -Original Message- From: Mark Godfrey [mailto:[EMAIL PROTECTED]] Sent: Friday, May 31, 2002 10:46 PM To: [EMAIL PROTECTED] Subject: OOB Testing [7:45556] Group, I would like help with writting a script that dials out to all my out-of-band 56k modems connected to my terminal servers and verify connectivity. If connectivity is not working it would send out an email to the Engineer telling the name of the device not working. Any help would be appriciated. Thanks, MG Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45656t=45556 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Layer 2 Test Tool [7:43484]
If you are using IBM Communication Server for NT, there is a tool like sna ping(I can't remember its name, but you can see it on the start menu), but it works only between independent LU's. Bulent -Original Message- From: Seelinger Bruce [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 07, 2002 4:15 PM To: [EMAIL PROTECTED] Subject: Re: Layer 2 Test Tool [7:43484] Johnny, Thanks for the reply, but I should have been clearer. The network we are testing is not running TCP/IP. It is strictly a test bed for testing filters based on layer 2 connectivity only, (the real network is running SNA with SR/TRB). So in this case ping does not apply. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43514t=43484 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]