PIX PAT Problem!! Urgent [7:37052]
Hi all, That is Very very Urgent!!!Please Help!!! Does anyone know that Can Cisco Pix Pat Ouside address to Inside address? for exampe: |---205.11.1.0---| | | (outside Security L 0) (--PIX--) (-Inside security L100) | | |--10.1.1.0---| can 205.11.1.0 255.255.255.0 PAT to 10.1.1.100?? Thank you very much for your kindly help ivan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37052&t=37052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX PAT Problem!! Urgent [7:37052]
Assume that you want to access every host on 10.1.1.0 from network 205.11.1.0 with the source address tranlasted to 10.1.1.100 , then I don`t think it is possible with a PIX. A router would be able to do such requirement. > That is Very very Urgent!!!Please Help!!! > Does anyone know that Can Cisco Pix Pat Ouside address to Inside address? > for exampe: > > |---205.11.1.0---| > | > | > (outside Security L 0) > (--PIX--) > (-Inside security L100) > | > | > |--10.1.1.0---| > > can 205.11.1.0 255.255.255.0 PAT to 10.1.1.100?? > > Thank you very much for your kindly help > > ivan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37053&t=37052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX PAT Problem!! Urgent [7:37052]
The url http://www.cisco.com/warp/public/110/mailserver_in.html access-list smtp permit tcp any host 209.164.3.5 eq smtp access-group smtp in interface outside static (inside,outside) 209.164.3.5 192.168.2.57 netmask 255.255.255.255 gives a good example of pushing smtp from the outside to the inside without a dmz. A separate IPaddr is used though. Ofcourse the traffic allowed to get in is depending on an access-list... so you just let trough what you want to. Then make the static translation. Be waware that this is not a very save solution. Martijn Jansen -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Namens Ivan Verzonden: zaterdag 2 maart 2002 8:31 Aan: [EMAIL PROTECTED] Onderwerp: PIX PAT Problem!! Urgent [7:37052] Hi all, That is Very very Urgent!!!Please Help!!! Does anyone know that Can Cisco Pix Pat Ouside address to Inside address? for exampe: |---205.11.1.0---| | | (outside Security L 0) (--PIX--) (-Inside security L100) | | |--10.1.1.0---| can 205.11.1.0 255.255.255.0 PAT to 10.1.1.100?? Thank you very much for your kindly help ivan _ Chat on line met vrienden en probeer MSN Messenger uit: http://messenger.msn.nl Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37063&t=37052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX PAT Problem!! Urgent [7:37052]
Ivan, This is a shot in the dark, but here is what I am seeing scanning through my PIX book: NAT,GLOBAL commands are out because they require inside to outside commands. STATIC appears to be outbound only as well ROUTE appears that it could work and allows the if_name to be internal or external: ROUTE if_name ip_address netmask gateway_ip [metric] ROUTE if_name 205.11.1.0 255.255.255.0 10.1.1.100 Try that. Thanks, Leslie McIntosh --- Ivan wrote: > Hi all, > > That is Very very Urgent!!!Please Help!!! > Does anyone know that Can Cisco Pix Pat Ouside > address to Inside address? > for exampe: > > |---205.11.1.0---| > | > | > (outside Security L 0) > (--PIX--) > (-Inside security L100) > | > | > |--10.1.1.0---| > > can 205.11.1.0 255.255.255.0 PAT to 10.1.1.100?? > > Thank you very much for your kindly help > > ivan [EMAIL PROTECTED] = Leslie McIntosh Network Engineer CCNA, CNE, CNS, A+, Network+ Certified [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Sports - sign up for Fantasy Baseball http://sports.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37061&t=37052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX PAT Problem!! Urgent [7:37052]
Yes but there are caveats. You cannot do an all inclusive static mapping to a PAT interface but you can redirect certain traffic based on port to specific inside hosts. For example, if you only have a single outside address and you are using it on your outside interface, not only can you use PAT with the "interface" command, but you can then redirect traffic to a specific host(s) depending on requested TCP/UDP port. In other words, you can redirect all inbound traffic destined for TCP port 25 to your mail host inside while all other traffic inbound is denied while still using PAT for all of your outbound traffic. If you want more info, search for "port redirection" on CCO. Rik -Original Message- From: Ivan [mailto:[EMAIL PROTECTED]] Sent: Saturday, March 02, 2002 2:31 AM To: [EMAIL PROTECTED] Subject: PIX PAT Problem!! Urgent [7:37052] Hi all, That is Very very Urgent!!!Please Help!!! Does anyone know that Can Cisco Pix Pat Ouside address to Inside address? for exampe: |---205.11.1.0---| | | (outside Security L 0) (--PIX--) (-Inside security L100) | | |--10.1.1.0---| can 205.11.1.0 255.255.255.0 PAT to 10.1.1.100?? Thank you very much for your kindly help ivan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37085&t=37052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX PAT Problem!! Urgent [7:37052]
What he wants do do works fine. The static command works both ways.. Use the static to define to ip and the port. I use this myself. ""Leslie McIntosh"" wrote in message news:[EMAIL PROTECTED].; > Ivan, > > This is a shot in the dark, but here is what I am > seeing scanning through my PIX book: > > NAT,GLOBAL commands are out because they require > inside to outside commands. > > STATIC appears to be outbound only as well > > ROUTE appears that it could work and allows the > if_name to be internal or external: > > ROUTE if_name ip_address netmask gateway_ip [metric] > ROUTE if_name 205.11.1.0 255.255.255.0 10.1.1.100 > > Try that. > > Thanks, > > Leslie McIntosh > > > --- Ivan wrote: > > Hi all, > > > > That is Very very Urgent!!!Please Help!!! > > Does anyone know that Can Cisco Pix Pat Ouside > > address to Inside address? > > for exampe: > > > > |---205.11.1.0---| > > | > > | > > (outside Security L 0) > > (--PIX--) > > (-Inside security L100) > > | > > | > > |--10.1.1.0---| > > > > can 205.11.1.0 255.255.255.0 PAT to 10.1.1.100?? > > > > Thank you very much for your kindly help > > > > ivan > [EMAIL PROTECTED] > > > = > Leslie McIntosh > Network Engineer > CCNA, CNE, CNS, A+, Network+ Certified > [EMAIL PROTECTED] > > __ > Do You Yahoo!? > Yahoo! Sports - sign up for Fantasy Baseball > http://sports.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37084&t=37052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX PAT Problem!! Urgent [7:37052] Sorry... [7:37067]
Sorry, misunderstood. Excuse the BW I spilled. Next time better. Martijn _ Chat on line met vrienden en probeer MSN Messenger uit: http://messenger.msn.nl Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37067&t=37067 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]