07-10-2007 07:08 AM - edited 03-11-2019 03:42 AM
I upgraded a PIX 515 from 6.3 to 7.22 and after the upgrade static NAT fails for the NAT translations using the same IP as the outside interface. I see the connection being dropped before it hits my outside access-list with PIX7-2-710002 tcp drop ip to ip? Worked fine in 6.3 Im sure its just a simple command that needs to be added.
Any ideas ?
07-10-2007 07:12 AM
What do the statics look like? Are you using the keyword "interface" instead of the ip address?
static (inside,outside) tcp interface smtp 192.168.1.1 smtp netmask 255.255.255.255
07-10-2007 07:21 AM
After the upgrade it looks like this:
interface Ethernet0/0
nameif outside
security-level 0
ip address 203.xxx.xxx.14 255.255.255.252
nat-control
global (outside) 1 interface
nat (inside) 0 access-list NoNAT
nat (inside) 1 192.168.1.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 203.xxx.xxx.14 smtp 192.168.1.51 smtp netmask 255.255.255.255
so my static point's to IP is this a problem in 7.x
07-10-2007 01:15 PM
Before upgrade:
static (inside,outside) tcp 203.xxx.xxx.14 smtp 192.168.1.51 smtp netmask 255.255.255.255
being 203.xxx.xxx.14 outside IP address
After upgrade it should looks like this...
static (inside,outside) tcp interface smtp 192.168.1.51 smtp netmask 255.255.255.255
Try it
07-10-2007 06:21 PM
Yes, as I wrote before you want to replace "203.xxx.xxx.xxx.14" with the keyword "interface. That should do the trick.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: