RE: Pix help needed

From: Kenneth Wygand (KWygand@customonline.com)
Date: Wed Apr 21 2004 - 01:08:09 GMT-3


One piece of advice... any time you add or make changes to translations,
make sure you issue the "clear xlate" command. That will clear all your
active translations...

Kenneth E. Wygand
Systems Engineer, Project Services
CISSP #37102, CCNP, CCDP, ACSP, Cisco IPT Design Specialist, MCP, CNA,
Network+, A+
Custom Computer Specialists, Inc.
"The only unattainable goal is the one not attempted."
-Anonymous

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Vazman@aol.com
Sent: Tuesday, April 20, 2004 11:42 PM
To: ccielab@groupstudy.com
Subject: Pix help needed

Hello,

I am trying to set up a Pix501E firewall for a small office. The office
has a DSL line and one public IP address only.

Requirements are
1. All internal hosts should be able to access the Internet.
2. And there is a server running some apps (www, pcanywhere etc) that needs to
be accessible from the outside.

I configured nat and global commands to satisfy the first requirement.

nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface

For the second requirement I configured static nat, created an ACL for
the required ports and applied it to the outside interface.

static (inside, outside) x.x.x.x 192.168.1.100 netmask 255.255.255.255 0 0

Problem is only the server can go out to the Internet and can be
accessed from outside, but other internal hosts cannot go out. I ran a
debug on the PIX and was getting some translation errors (don't have the
exact message now).

What am I missing here? Is it the fact that, since I am using the public
address for static NAT, I cannot use the same address for PAT? This is
something that can be easily done on a Linksys but is not so
straightforward on a PIX.

Thanks
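
An added example, not part of the original thread or either poster's configuration: the posted one-to-one static beside a per-port (port redirection) static that leaves the single outside address free for PAT and exposes only the named services. It assumes PIX OS 6.x, that x.x.x.x in the post is the firewall's only outside address, and that pcAnywhere uses its default ports (TCP 5631, UDP 5632); the ACL name outside_in is hypothetical.

```cisco
: --- As posted: one-to-one static on the only public address ---
: static (inside,outside) x.x.x.x 192.168.1.100 netmask 255.255.255.255 0 0
: This maps every port of x.x.x.x to the server, so the address is no
: longer available for "global (outside) 1 interface" PAT, and any port
: the ACL permits reaches the server directly.

: --- Port redirection: publish only the required services ---
no static (inside,outside) x.x.x.x 192.168.1.100 netmask 255.255.255.255 0 0

: Outbound PAT for all inside hosts (unchanged from the post)
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface

: One static per published port, bound to the outside interface address
static (inside,outside) tcp interface www 192.168.1.100 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 5631 192.168.1.100 5631 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 5632 192.168.1.100 5632 netmask 255.255.255.255 0 0

: Inbound ACL limited to the same ports (hypothetical name outside_in)
access-list outside_in permit tcp any host x.x.x.x eq www
access-list outside_in permit tcp any host x.x.x.x eq 5631
access-list outside_in permit udp any host x.x.x.x eq 5632
access-group outside_in in interface outside

: Flush stale translations after changing statics, as advised in the reply
clear xlate
```

After applying it, `show xlate` should list port-level entries for the server and PAT entries for the other inside hosts, and `show access-list` hit counts show which published ports are actually being reached from outside.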



This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:51 GMT-3