Static NAT fails after 6.3 to 7.22 upgrade

Unanswered Question
Jul 10th, 2007
User Badges:

I upgraded a PIX 515 from 6.3 to 7.22 and after the upgrade static NAT fails for the NAT translations using the same IP as the outside interface. I see the connection being dropped before it hits my outside access-list with PIX7-2-710002 tcp drop ip to ip? Worked fine in 6.3 Im sure its just a simple command that needs to be added.


Any ideas ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
acomiskey Tue, 07/10/2007 - 07:12
User Badges:
  • Green, 3000 points or more

What do the statics look like? Are you using the keyword "interface" instead of the ip address?


static (inside,outside) tcp interface smtp 192.168.1.1 smtp netmask 255.255.255.255

adamhinett Tue, 07/10/2007 - 07:21
User Badges:

After the upgrade it looks like this:


interface Ethernet0/0

nameif outside

security-level 0

ip address 203.xxx.xxx.14 255.255.255.252


nat-control

global (outside) 1 interface

nat (inside) 0 access-list NoNAT

nat (inside) 1 192.168.1.0 255.255.255.0

nat (inside) 1 0.0.0.0 0.0.0.0


static (inside,outside) tcp 203.xxx.xxx.14 smtp 192.168.1.51 smtp netmask 255.255.255.255


so my static point's to IP is this a problem in 7.x

r.massanasanchez Tue, 07/10/2007 - 13:15
User Badges:

Before upgrade:


static (inside,outside) tcp 203.xxx.xxx.14 smtp 192.168.1.51 smtp netmask 255.255.255.255


being 203.xxx.xxx.14 outside IP address


After upgrade it should looks like this...


static (inside,outside) tcp interface smtp 192.168.1.51 smtp netmask 255.255.255.255



Try it


acomiskey Tue, 07/10/2007 - 18:21
User Badges:
  • Green, 3000 points or more

Yes, as I wrote before you want to replace "203.xxx.xxx.xxx.14" with the keyword "interface. That should do the trick.

Actions

This Discussion