Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
522
Views
0
Helpful
3
Replies

PIX Firewall 515E , Public static NAT - redirect

JORGE RODRIGUEZ
Level 10
Level 10

‎04-10-2007 09:55 AM - edited ‎03-11-2019 02:58 AM

Hello all,

I have a particular question and would like to know if this is feasable from a staic NAT translation perspective on a PIX firewall and a remote inside network.

Equipment: PIX 515E version 6.3(3)

Physical Interfaces 6

Design on Network Site A:

InternetRouter-->DMZswitch-->Outside<>PIX<>Inside-->EDGErouter-->6509MSFC2local

Internal routing: OSPF, inclduing the PIX ospf participation.

Network site B:

Connects from Network site A 6509MSFC2local--><<100MB WAN link Ethernet>>-->6506MSFC2

We had a particular server connected to our 6509 switch in network site A configured to be access from the outside world with specific access rules for specific public access. The server was moved to site B and was also re-ip. I created on the PIX inside interface the new host/ip address for that server, as well as created the access rules and static NAT to reflect the new IP changes

on the server, however, the server cannot be access from the outside anymore. I can ping the server from the PIX since it is all dynamic routing the PIX can reach it but when users try to connect using the public IP it does not

seem to translate and redirect the traffic.. any suggestions?

Thanks

Jorge

Jorge Rodriguez
Labels:
0 Helpful
3 Replies 3

bbacola
Level 1
Level 1

‎04-10-2007 11:03 AM

Have you used the "clear xlate" command?

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to bbacola

‎04-10-2007 02:30 PM

Yes, I have used clear xlate for ftp , I see the built inbound TCP connection but never see the teardown in the pix logs .. on the ftp server logs I noticed " Session closed by peer " peer being the the outside source.

I have also done a debug packet src and dst

%PIX-6-302013: Built inbound TCP connection 106473828 for outside:72.200.152.202/4542 (72.200.152.202/4542) to inside:192.168.13.10/21 (63.x.x.118/21)

Jorge Rodriguez
0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to JORGE RODRIGUEZ

‎04-12-2007 08:40 AM

Just wanted to add additional information to this post, I am still having issues with the FTP server that moved to a remote location. I have conducted several captures.

On the ftp server to see that the connection is stablished from source/destination.On the ftp server logs I see the source IP address so at this point I know the outside source is reaching the FTP server . The FTP client indicates " Connection statblished Waiting for reply from server " but then it times out.

Also, did a packet debug outside as well as inside, seems as the FTP server never responds and the connection times out.

It seems the reply from the FTP server is not getting to the source.

See attached

Thanks

Jorge

Jorge Rodriguez
Preview file
4 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card