RE: Pix help needed

From: Keith Steller (keith@itconduit.com)
Date: Wed Apr 21 2004 - 01:22:58 GMT-3


Did you try to create a static that looks like this??

static (inside,outside) tcp interface [port#] 192.168.1.100 [port#]

Can you attach the translation creation failure message or something?

Thanks,

Keith

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Vazman@aol.com
Sent: Tuesday, April 20, 2004 10:42 PM
To: ccielab@groupstudy.com
Subject: Pix help needed

Hello,

I am trying to set up a Pix501E firewall for a small office. The office
has a DSL line and one public IP address only.

Requirements are:
1. All internal hosts should be able to access the Internet.
2. And there is a server running some apps (www, pcanywhere etc) that needs to
be accessible from the outside.

I configured nat and global commands to satisfy the first requirement.

nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface

For the second requirement I configured static nat, created an ACL for
the required ports and applied it to the outside interface.

static (inside,outside) x.x.x.x 192.168.1.100 netmask 255.255.255.255 0 0

Problem is only the server can go out to the Internet and can be
accessed from outside, but other internal hosts cannot go out. I ran a
debug on the Pix and was getting some translation errors (don't have the
exact message now).

What am I missing here? Is it the fact that, because I am using the public
address for static NAT, I cannot use the same address for PAT? This is
something that can be easily done on a Linksys but is not so
straightforward on a Pix.

Thanks


