
pix 506e static ip problem

merlin_666
Level 1

I have a 5 block range of IPs that our ISP has given us. We use PAT on the PIX external address and use a static for the second IP in the range and both work fine. When I try to add a third static it doesn't work. No matter how I configure it I never get traffic out the third IP, or fourth, or fifth for that matter. However, if I use a static IP connected directly to our DSL modem they work fine.

Any suggestions? PIX config attached but IPs changed.

Thanks,

Mike

6 Replies

Hello,

The commands in your configuration look fine. There is something that you have to do whenever you make changes to your NAT.

As soon as you add the static translations you have to clear the translations. For example you add:

static (inside,outside) x.x.x.179 serverip netmask 255.255.255.255 0 0

static (inside,outside) x.x.x.181 192.168.1.6 netmask 255.255.255.255 0 0

Then:

clear xlate local serverip

clear xlate local 192.168.1.6

After that the traffic should be able to get translated using the right ip. You can verify it by checking the translations created. You can check it by using the command:

show xlate

Or

show xlate local 192.168.1.6

This will give you the translation being made.

I hope this helps.

I make sure to do that each time. However, the traffic still doesn't go through. Syslog shows SYN timeout for the connection. PIX-6-302014 I think for the error code. Looked and says something about DoS flood but that doesn't sound right.

If you get a SYN timeout it might be because the traffic is not returning to the PIX. Make sure the server has the default gateway pointing to the PIX.

arunsing
Level 1

Can you please post the syslogs and show xlate?

Here is the show xlate with comments added. I'll add syslog shortly.

PAT Global 129.X.X.178(443) Local 192.168.1.24(137)

Global 129.X.X.182 Local 192.168.1.58 - static that doesn't work

PAT Global 129.X.X.178(33789) Local 192.168.1.85(1935)

PAT Global 129.X.X.178(33788) Local 192.168.1.65(50267)

PAT Global 129.X.X.178(33790) Local 192.168.1.45(2831)

PAT Global 129.X.X.178(4994) Local 192.168.1.200(1044)

Global 129.X.X.179 Local mdaemon - static has always worked

Syslog messages for just 192.168.1.58

10/7/2007 11:45 Local4.Info 192.168.1.1 %PIX-6-302013: Built outbound TCP connection 138990 for outside:69.61.55.195/80 (69.61.55.195/80) to inside:192.168.1.58/51601 (129.X.X.182/51601)

10/7/2007 11:45 Local4.Info 192.168.1.1 %PIX-6-302013: Built outbound TCP connection 139007 for outside:64.236.16.52/80 (64.236.16.52/80) to inside:192.168.1.58/51602 (129.X.X.182/51602)

10/7/2007 11:46 Local4.Info 192.168.1.1 %PIX-6-302013: Built outbound TCP connection 139026 for outside:64.236.24.12/80 (64.236.24.12/80) to inside:192.168.1.58/51603 (129.X.X.182/51603)

10/7/2007 11:46 Local4.Info 192.168.1.1 %PIX-6-302013: Built outbound TCP connection 139032 for outside:198.23.16.138/443 (198.23.16.138/443) to inside:192.168.1.58/51604 (129.X.X.182/51604)

10/7/2007 11:46 Local4.Info 192.168.1.1 %PIX-6-302014: Teardown TCP connection 138942 for outside:198.23.16.138/443 to inside:192.168.1.58/51599 duration 0:02:01 bytes 0 SYN Timeout

10/7/2007 11:46 Local4.Info 192.168.1.1 %PIX-6-302013: Built outbound TCP connection 139038 for outside:64.236.29.120/80 (64.236.29.120/80) to inside:192.168.1.58/51605 (129.X.X.182/51605)

10/7/2007 11:46 Local4.Info 192.168.1.1 %PIX-6-302013: Built outbound TCP connection 139052 for outside:64.236.91.21/80 (64.236.91.21/80) to inside:192.168.1.58/51606 (129.X.X.182/51606)

10/7/2007 11:47 Local4.Info 192.168.1.1 %PIX-6-302013: Built outbound TCP connection 139054 for outside:64.236.91.22/80 (64.236.91.22/80) to inside:192.168.1.58/51607 (129.X.X.182/51607)

10/7/2007 11:47 Local4.Info 192.168.1.1 %PIX-6-302013: Built outbound TCP connection 139055 for outside:198.23.16.138/443 (198.23.16.138/443) to inside:192.168.1.58/51608 (129.X.X.182/51608)

10/7/2007 11:47 Local4.Info 192.168.1.1 %PIX-6-302014: Teardown TCP connection 138983 for outside:198.23.16.138/443 to inside:192.168.1.58/51600 duration 0:02:01 bytes 0 SYN Timeout

10/7/2007 11:47 Local4.Info 192.168.1.1 %PIX-6-302013: Built outbound TCP connection 139069 for outside:64.236.91.23/80 (64.236.91.23/80) to inside:192.168.1.58/51609 (129.X.X.182/51609)

10/7/2007 11:47 Local4.Info 192.168.1.1 %PIX-6-302014: Teardown TCP connection 138990 for outside:69.61.55.195/80 to inside:192.168.1.58/51601 duration 0:02:01 bytes 0 SYN Timeout

10/7/2007 11:47 Local4.Info 192.168.1.1 %PIX-6-302014: Teardown TCP connection 139007 for outside:64.236.16.52/80 to inside:192.168.1.58/51602 duration 0:02:01 bytes 0 SYN Timeout

10/7/2007 11:47 Local4.Info 192.168.1.1 %PIX-6-302013: Built outbound TCP connection 139089 for outside:64.236.91.24/80 (64.236.91.24/80) to inside:192.168.1.58/51610 (129.X.X.182/51610)
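Added example (not part of any post in this thread): a Python sketch that pairs each %PIX-6-302013 Built line with its %PIX-6-302014 Teardown by connection ID and counts zero-byte SYN timeouts per translated address, the pattern a reply above associates with return traffic not reaching the PIX. The sample lines are constructed from the log format posted here, and `summarize` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Sample lines constructed from the syslog format posted in this thread
# (timestamp/facility prefix dropped, addresses redacted as in the post).
SAMPLE = """\
%PIX-6-302013: Built outbound TCP connection 138990 for outside:69.61.55.195/80 (69.61.55.195/80) to inside:192.168.1.58/51601 (129.X.X.182/51601)
%PIX-6-302013: Built outbound TCP connection 139007 for outside:64.236.16.52/80 (64.236.16.52/80) to inside:192.168.1.58/51602 (129.X.X.182/51602)
%PIX-6-302014: Teardown TCP connection 138983 for outside:198.23.16.138/443 to inside:192.168.1.58/51600 duration 0:02:01 bytes 0 SYN Timeout
%PIX-6-302014: Teardown TCP connection 138990 for outside:69.61.55.195/80 to inside:192.168.1.58/51601 duration 0:02:01 bytes 0 SYN Timeout
%PIX-6-302014: Teardown TCP connection 139007 for outside:64.236.16.52/80 to inside:192.168.1.58/51602 duration 0:02:01 bytes 0 SYN Timeout
%PIX-6-302013: Built outbound TCP connection 139089 for outside:64.236.91.24/80 (64.236.91.24/80) to inside:192.168.1.58/51610 (129.X.X.182/51610)
"""

BUILT = re.compile(r"%PIX-6-302013: Built (?:in|out)bound TCP connection (\d+) for "
                   r"\S+ \(\S+\) to \w+:(\S+)/\d+ \((\S+)/\d+\)")
TEARDOWN = re.compile(r"%PIX-6-302014: Teardown TCP connection (\d+) for \S+ to "
                      r"\w+:(\S+)/\d+ duration \S+ bytes (\d+)(?: (.*))?$")

def summarize(log_text):
    """Return {(local_ip, global_ip): counters} for TCP connections in the log."""
    built = {}  # connection id -> (local ip, translated global ip)
    stats = defaultdict(lambda: {"built": 0, "syn_timeout_0_bytes": 0, "open": 0})
    for line in log_text.splitlines():
        if m := BUILT.search(line):
            conn, local, glob = m.groups()
            built[conn] = (local, glob)
            stats[(local, glob)]["built"] += 1
        elif m := TEARDOWN.search(line):
            conn, local, nbytes, reason = m.groups()
            # Teardown lines omit the translated address: recover it from the
            # matching Built line, or mark it unknown if that line was not captured.
            key = built.pop(conn, (local, "unknown"))
            if reason == "SYN Timeout" and int(nbytes) == 0:
                stats[key]["syn_timeout_0_bytes"] += 1
    for key in built.values():  # Built lines with no Teardown seen yet
        stats[key]["open"] += 1
    return dict(stats)

if __name__ == "__main__":
    for (local, glob), counters in summarize(SAMPLE).items():
        print(f"{local} -> {glob}: {counters}")
```

A translated address whose zero-byte SYN timeouts account for every closed connection, while the PAT address keeps working, points at the return path for that address rather than at the xlate itself.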
