From: Steve Munro (Steve.Munro@integralis.com)
Date: Mon Dec 23 2002 - 16:33:28 GMT-3
Alfred,
My guess would be that the pix is trying to use tcp syslog to a server that
is not available. Have you set up a syslog server ? failing that show us the
output of show xlate and show logging. Do you have any other interfaces
configured ?
regards,
Steve
-----Original Message-----
From: Alfred Chin [mailto:chinalfr@attbi.com]
Sent: 23 December 2002 16:15
To: Ccielab (E-mail)
Subject: PIX question/help?
GlacierI run into some weird problem while setting up a new PIX. I hope
someone might have some idea what is wrong with my setting or just the
hardware.
Basically, I try to use NAT from my inside interface to outside interface.
Here is a sample config.
ip address outside 216.3.99.2 255.255.255.128
ip address inside 192.168.0.1 255.255.255.0
global (outside) 1 216.3.99.3 netmask 255.255.255.128
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 216.3.99.1 1
Here is the problem, the PIX can't perform any NAT/PAT function. Traffic is
not being NAT/PAT from inside to outside. Turn on debugging on the PIX.
Here is a log from the debugging.
111008: User 'enable_15' executed the 'clear logging' command.
111009: User 'enable_15' executed cmd: show logging
609001: Built local-host inside:192.168.0.226
201008: The PIX is disallowing new connections.
305006: portmap translation creation failed for tcp src
inside:192.168.0.226/2265 dst outside:64.58.76.178/80
201008: The PIX is disallowing new connections.
305006: portmap translation creation failed for tcp src
inside:192.168.0.226/2265 dst outside:64.58.76.178/80
201008: The PIX is disallowing new connections.
305006: portmap translation creation failed for tcp src
inside:192.168.0.226/2265 dst outside:64.58.76.178/80
201008: The PIX is disallowing new connections.
305006: portmap translation creation failed for tcp src
inside:192.168.0.226/2266 dst outside:64.58.76.222/80
201008: The PIX is disallowing new connections.
305006: portmap translation creation failed for tcp src
inside:192.168.0.226/2266 dst outside:64.58.76.222/80
201008: The PIX is disallowing new connections.
305006: portmap translation creation failed for tcp src
inside:192.168.0.226/2266 dst outside:64.58.76.222/80
201008: The PIX is disallowing new connections.
305006: portmap translation creation failed for tcp src
inside:192.168.0.226/2267 dst outside:64.58.76.224/80
201008: The PIX is disallowing new connections.
305006: portmap translation creation failed for tcp src
inside:192.168.0.226/2267 dst outside:64.58.76.224/80
201008: The PIX is disallowing new connections.
This is a PIX 515UR running PIX ver 6.2.2.
Thanks in advance.
Merry Christmas & Happy New Year to all
Alfred Chin
[GroupStudy.com removed an attachment of type image/jpeg which had a name of
Glacier Bkgrd.jpg]
.
Please note that:
1. This e-mail may constitute privileged information. If you are not the intended recipient, you have received this confidential email and any attachments transmitted with it in error and you must not disclose, copy, circulate or in any other way use or rely on this information.
2. E-mails to and from the company are monitored for operational reasons and in accordance with lawful business practices.
3. The contents of this email are those of the individual and do not necessarily represent the views of the company.
4. The company does not conclude contracts by email and all negotiations are subject to contract.
5. The company accepts no responsibility once an e-mail and any attachments is sent.
This archive was generated by hypermail 2.1.4 : Fri Jan 17 2003 - 17:21:51 GMT-3