NAT Problem

Unanswered Question
Sep 9th, 2007

Hi ALL


Kindly assist with this.


We use a PIX 506E with 6.3 and 1 public IP address. We want all machines (6) on the inside network to connect to the Internet while Internet users can connect to 2 services running on 2 machines inside.


Inside Machine: a) web server on 192.168.170.190 and ftp server on 192.168.170.186


PIX inside interface IP = 192.168.170.185

PIX outside interface IP = 80.1.1.1


My setup


access-list goutbound permit ip 192.168.170.184 255.255.255.248 any

access-list ginside permit tcp any host 80.1.1.1 eq www

access-list ginside permit tcp any host 80.1.1.1 eq ftp

access-group goutbound in interface inside

access-group ginside in interface outside

global (outside) 1 interface

nat (inside) 1 0 0

static (inside,outside) tcp interface www 192.168.170.190 www netmask 255.255.255.255

static (inside,outside) tcp interface ftp 192.168.170.186 www netmask 255.255.255.255


While we can connect to the Internet from any machine on our inside network, the static does not seem to work, as we cannot connect to our ftp or www machines from the Internet.


Are my access-list and access-group ok?

Can I use static (outside,inside) instead of static (inside,outside) above?


Please help.


Thanks.


Ismail


a.alekseev Sun, 09/09/2007 - 05:18

You need only this:

access-list OUTSIDE-IN permit tcp any any eq ftp

access-list OUTSIDE-IN permit tcp any any eq www

access-group OUTSIDE-IN in interface outside

global (outside) 1 interface

nat (inside) 1 0 0

static (inside,outside) tcp interface www 192.168.170.190 www netmask 255.255.255.255

static (inside,outside) tcp interface ftp 192.168.170.186 www netmask 255.255.255.255
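
An added example, not part of the thread: a small Python audit that parses the `static` port-redirect and `access-list` lines quoted above and reports where the outside port maps to a different inside port, where an ACL destination is `any`, and where a static and a permit do not pair up. The function names, finding labels and port table are assumptions of this sketch; the sample input is constructed from the reply's lines.

```python
import re

PORTS = {"www": 80, "ftp": 21}  # PIX port keywords used in this thread

# Constructed sample: the access-list and static lines from the reply above.
SAMPLE = """\
access-list OUTSIDE-IN permit tcp any any eq ftp
access-list OUTSIDE-IN permit tcp any any eq www
static (inside,outside) tcp interface www 192.168.170.190 www netmask 255.255.255.255
static (inside,outside) tcp interface ftp 192.168.170.186 www netmask 255.255.255.255
"""

# static (real_if,mapped_if) proto mapped_ip mapped_port real_ip real_port ...
STATIC_RE = re.compile(r"static \(\w+,\w+\) (tcp|udp) \S+ (\S+) (\S+) (\S+)")
# access-list NAME permit proto SRC DST eq PORT (SRC/DST: any | host A.B.C.D)
ACL_RE = re.compile(
    r"access-list (\S+) permit (tcp|udp) (?:any|host \S+) (any|host \S+) eq (\S+)")


def port(token):
    """Resolve a port keyword or a numeric port to an int."""
    return PORTS[token] if token in PORTS else int(token)


def audit(config):
    """Return (kind, detail) findings for port-redirect statics and their ACLs."""
    statics, permits, findings = [], [], []
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            proto, mapped, real_ip, real = m.groups()
            statics.append((proto, port(mapped), real_ip, port(real)))
        elif m := ACL_RE.match(line):
            permits.append((m[1], m[2], m[3], port(m[4])))
    for proto, mapped, real_ip, real in statics:
        if mapped != real:  # outside port is rewritten to a different inside port
            findings.append(("redirect", f"{proto}/{mapped} -> {real_ip}:{real}"))
        if not any(p[1] == proto and p[3] == mapped for p in permits):
            findings.append(("no-permit", f"{proto}/{mapped} has no ACL entry"))
    for acl, proto, dst, dport in permits:
        if dst == "any":  # wider than the single mapped address
            findings.append(("broad-acl", f"{acl}: {proto}/{dport} to any"))
        if not any(s[0] == proto and s[1] == dport for s in statics):
            findings.append(("no-static", f"{acl}: {proto}/{dport} has no static"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(f"{kind:10} {detail}")
```

The `redirect` finding on the ftp line means outside TCP 21 is delivered to port 80 on 192.168.170.186, which should be confirmed against the port the FTP server actually listens on.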

