After working with the TAC for two days to resolve this issue the problem
turned out to be that the router that goes between the server and the PIX
had policy based routing enabled that was sending the SYN ACK packets out
another port on the router. One more line in the access list and presto! T
Here is the whole config file from the pix, with a couple of IP's removed
and the info from the Pix help screen about the static nat.
Thanks for looking at it.
Kevin
PIX Version 6.0(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password encrypted
passwd x
2001 7:22 PM
To:
Subject: Re: Pix static NAT error UPDATE [7:15169]
ok,
this is straight from Cisco's web site for code 6.0 on the pix.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/config.htm
It does indeed show this example:
static (inside,outside) 10.42.1.0 10.3.1.0
which should work...
-Patrick
>>> "Kevin McIntyre" 08/08/01 0
Do this for me.
type in:
static (inside,outside)
you should get a mini help screen that comes up. Cut and paste it and send
it this way. That's just too odd. If this is the case and you can't do a
'normal' static mapping, you may want to downgrade
-Patrick
>>> "Kevin McIntyre" 08/0
uh oh... I'm not so sure I want to upgrade then...
why on earth would it force you to select a port? what if you had one
machine that offered 20 services? Would that mean you have to have 20
static mappings per server? sheeesh... that seems like a pain in the rump.
-Patrick
>>> "Kevin McIntyr
I am using Pix software ver 6.0(1) and it won't allow me to not specify a
port. I seem to be forced into specifying the smtp in the command line.
It did sound like a good idea though.
Kevin
Patrick Ramsey wrote:
> try doing a normal static mapping, then use acl's to allow smtp traffic
> throu
try doing a normal static mapping, then use acl's to allow smtp traffic
through...ie:
static (inside,outside) 192.168.250.16 10.2.48.50 netmask 255.255.255.255 0 0
-Patrick
>>> "Kevin McIntyre" 08/07/01 06:12PM >>>
I have the following line in a PIX 506 for static natting to an inside
server.
To:
Sent: Tuesday, August 07, 2001 6:12 PM
Subject: Pix static NAT error [7:15169]
> I have the following line in a PIX 506 for static natting to an inside
> server.
>
> static (inside,outside) tcp interface smtp 172.16.1.21 smtp netmask
> 255.255.255.255 0 0
>
> When the
I have the following line in a PIX 506 for static natting to an inside
server.
static (inside,outside) tcp interface smtp 172.16.1.21 smtp netmask
255.255.255.255 0 0
When the Pix is started this will work for a short period of time and
then will stop answering to connections on port 25 at all.
I've tried to do this before and I couldn't figure out a way to do it in the PIX. One
option would be to do NAT on the outside router, and NAT the .1 address to the .2,
then have a single static entry in the PIX for the .2. Not a pretty solution, but it
might work. :-)
Good luck,
John
Is there a way to statically nat multiple outside address to the same inside
address?
I have tried, with multiple static commands, but the Pix responds in error.
Example:
static (inside,outside) X.X.X.1 192.168.10.19 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.2 192.168.10.19 netma