cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
304
Views
0
Helpful
4
Replies

Static NAT fails after 6.3 to 7.22 upgrade

adamhinett
Level 1
Level 1

I upgraded a PIX 515 from 6.3 to 7.22 and after the upgrade static NAT fails for the NAT translations using the same IP as the outside interface. I see the connection being dropped before it hits my outside access-list with PIX7-2-710002 tcp drop ip to ip? Worked fine in 6.3 Im sure its just a simple command that needs to be added.

Any ideas ?

4 Replies 4

acomiskey
Level 10
Level 10

What do the statics look like? Are you using the keyword "interface" instead of the ip address?

static (inside,outside) tcp interface smtp 192.168.1.1 smtp netmask 255.255.255.255

After the upgrade it looks like this:

interface Ethernet0/0

nameif outside

security-level 0

ip address 203.xxx.xxx.14 255.255.255.252

nat-control

global (outside) 1 interface

nat (inside) 0 access-list NoNAT

nat (inside) 1 192.168.1.0 255.255.255.0

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) tcp 203.xxx.xxx.14 smtp 192.168.1.51 smtp netmask 255.255.255.255

so my static point's to IP is this a problem in 7.x

Before upgrade:

static (inside,outside) tcp 203.xxx.xxx.14 smtp 192.168.1.51 smtp netmask 255.255.255.255

being 203.xxx.xxx.14 outside IP address

After upgrade it should looks like this...

static (inside,outside) tcp interface smtp 192.168.1.51 smtp netmask 255.255.255.255

Try it

Yes, as I wrote before you want to replace "203.xxx.xxx.xxx.14" with the keyword "interface. That should do the trick.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: