Static NAT fails after 6.3 to 7.22 upgrade

Unanswered Question
Jul 10th, 2007

I upgraded a PIX 515 from 6.3 to 7.22 and after the upgrade static NAT fails for the NAT translations using the same IP as the outside interface. I see the connection being dropped before it hits my outside access-list with PIX7-2-710002 tcp drop ip to ip? Worked fine in 6.3 Im sure its just a simple command that needs to be added.

Any ideas ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
acomiskey Tue, 07/10/2007 - 07:12

What do the statics look like? Are you using the keyword "interface" instead of the ip address?

static (inside,outside) tcp interface smtp 192.168.1.1 smtp netmask 255.255.255.255

adamhinett Tue, 07/10/2007 - 07:21

After the upgrade it looks like this:

interface Ethernet0/0

nameif outside

security-level 0

ip address 203.xxx.xxx.14 255.255.255.252

nat-control

global (outside) 1 interface

nat (inside) 0 access-list NoNAT

nat (inside) 1 192.168.1.0 255.255.255.0

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) tcp 203.xxx.xxx.14 smtp 192.168.1.51 smtp netmask 255.255.255.255

so my static point's to IP is this a problem in 7.x

r.massanasanchez Tue, 07/10/2007 - 13:15

Before upgrade:

static (inside,outside) tcp 203.xxx.xxx.14 smtp 192.168.1.51 smtp netmask 255.255.255.255

being 203.xxx.xxx.14 outside IP address

After upgrade it should looks like this...

static (inside,outside) tcp interface smtp 192.168.1.51 smtp netmask 255.255.255.255

Try it

acomiskey Tue, 07/10/2007 - 18:21

Yes, as I wrote before you want to replace "203.xxx.xxx.xxx.14" with the keyword "interface. That should do the trick.

Actions

This Discussion