Static NAT fails after 6.3 to 7.22 upgrade

Unanswered Question
Jul 10th, 2007

I upgraded a PIX 515 from 6.3 to 7.22 and after the upgrade static NAT fails for the NAT translations using the same IP as the outside interface. I see the connection being dropped before it hits my outside access-list with PIX7-2-710002 tcp drop ip to ip? Worked fine in 6.3 Im sure its just a simple command that needs to be added.

Any ideas ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
acomiskey Tue, 07/10/2007 - 07:12

What do the statics look like? Are you using the keyword "interface" instead of the ip address?

static (inside,outside) tcp interface smtp smtp netmask

adamhinett Tue, 07/10/2007 - 07:21

After the upgrade it looks like this:

interface Ethernet0/0

nameif outside

security-level 0

ip address


global (outside) 1 interface

nat (inside) 0 access-list NoNAT

nat (inside) 1

nat (inside) 1

static (inside,outside) tcp smtp smtp netmask

so my static point's to IP is this a problem in 7.x

r.massanasanchez Tue, 07/10/2007 - 13:15

Before upgrade:

static (inside,outside) tcp smtp smtp netmask

being outside IP address

After upgrade it should looks like this...

static (inside,outside) tcp interface smtp smtp netmask

Try it

acomiskey Tue, 07/10/2007 - 18:21

Yes, as I wrote before you want to replace "" with the keyword "interface. That should do the trick.


This Discussion