After working with the TAC for two days to resolve this issue the problem
turned out to
be that the router that goes between the server and the PIX had policy based
routing
enabled that was sending the SYN ACK packets out another port on the
router. One more
line in the access list and presto! T
Here is the whole config file from the pix, with a couple of IP's removed
and the info
from the Pix help screen about the static nat.
Thanks for looking at it.
Kevin
PIX Version 6.0(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password encrypted
passwd x
Do this for me.
type in:
static (inside,outside)
you should get a mini help screen that comes up. Cut and paste it and send
it this way. That's just too odd If this is the case and you can't do a
'normal' static mapping, you may want to downgrade
-Patrick
>>> "Kevin McIntyre" 08/0
uh oh... I'm not so sure I want to upgrade then...
why on earth would it force you to select a port? what if you had one
machine that offered 20 services? Would that mean you have to have 20
static mapping per server? sheeeshthat seems like a pain in the rump.
-Patrick
>>> "Kevin McIntyr
uh oh... I'm not so sure I want to upgrade then...
why on earth would it force you to select a port? what if you had one
machine that offered 20 services? Would that mean you have to have 20
static mapping per server? sheeeshthat seems like a pain in the rump.
-Patrick
>>> "Kevin McIntyr
I am using Pix software ver 6.0(1) and it won't allow me to not specify a
port. I seem
to be forced into specifying the smtp in the command line.
It did sound like a good idea though.
Kevin
Patrick Ramsey wrote:
> try doing a normal static mapping, then use acl's to allow smtp traffic
> throu
try doing a normal static mapping, then use acl's to allow smtp traffic
through...ie:
static (inside,outside) 192.168.250.16 10.2.48.50 netmask 255.255.255.255 0 0
-Patrick
>>> "Kevin McIntyre" 08/07/01 06:12PM >>>
I have the following line in a PIX 506 for static natting to an inside
server.
To:
Sent: Tuesday, August 07, 2001 6:12 PM
Subject: Pix static NAT error [7:15169]
> I have the following line in a PIX 506 for static natting to an inside
> server.
>
> static (inside,outside) tcp interface smtp 172.16.1.21 smtp netmask
> 255.255.255.255 0 0
>
> When the
I have the following line in a PIX 506 for static natting to an inside
server.
static (inside,outside) tcp interface smtp 172.16.1.21 smtp netmask
255.255.255.255 0 0
When the Pix is started this will work for a short period of time and
then will stop answering to connections on port 25 at all.
9 matches
Mail list logo