04-10-2007 09:55 AM - edited 03-11-2019 02:58 AM
Hello all,
I have a particular question and would like to know if this is feasible from a static NAT translation perspective on a PIX firewall and a remote inside network.
Equipment: PIX 515E version 6.3(3)
Physical Interfaces 6
Design on Network Site A:
InternetRouter-->DMZswitch-->Outside<>PIX<>Inside-->EDGErouter-->6509MSFC2local
Internal routing: OSPF, including the PIX OSPF participation.
Network site B:
Connects from Network site A 6509MSFC2local--><<100MB WAN link Ethernet>>-->6506MSFC2
We had a particular server connected to our 6509 switch in network site A, configured to be accessed from the outside world with specific access rules for specific public access. The server was moved to site B and was also re-IP'd. I created on the PIX inside interface the new host/IP address for that server, as well as created the access rules and static NAT to reflect the new IP changes on the server; however, the server cannot be accessed from the outside anymore. I can ping the server from the PIX, since it is all dynamic routing and the PIX can reach it, but when users try to connect using the public IP it does not seem to translate and redirect the traffic. Any suggestions?
Thanks
Jorge
04-10-2007 11:03 AM
Have you used the "clear xlate" command?
04-10-2007 02:30 PM
Yes, I have used clear xlate. For FTP, I see the built inbound TCP connection but never see the teardown in the PIX logs. On the FTP server logs I noticed " Session closed by peer ", peer being the outside source.
I have also done a debug packet src and dst:
%PIX-6-302013: Built inbound TCP connection 106473828 for outside:72.200.152.202/4542 (72.200.152.202/4542) to inside:192.168.13.10/21 (63.x.x.118/21)
04-12-2007 08:40 AM
Just wanted to add additional information to this post. I am still having issues with the FTP server that moved to a remote location. I have conducted several captures on the FTP server to see that the connection is established from source/destination. On the FTP server logs I see the source IP address, so at this point I know the outside source is reaching the FTP server. The FTP client indicates " Connection statblished Waiting for reply from server " but then it times out.
Also, I did a packet debug outside as well as inside; it seems as if the FTP server never responds and the connection times out.
It seems the reply from the FTP server is not getting to the source.
See attached
Thanks
Jorge