06-30-2009 12:45 AM - edited 03-11-2019 08:49 AM
With PIX 6.3
I'm using a static IP-to-IP translation and also an ACL permission, and I'm unable to access the inside.
What may be wrong?
Regards,
Omar
06-30-2009 12:58 AM
Your ACL could be using the wrong destination address, or you could be using the wrong internal address - check both of these.
HTH
06-30-2009 01:00 AM
The ACL is recording matches!! and the Static translation is fine.
06-30-2009 01:03 AM
Then you need to check if the internal device is actually listening on the UDP/TCP port numbers you have defined in your ACL.
Also, if the internal device has internet access, go to www.whatismyip.com and confirm the NAT translation is 100% correct.
06-30-2009 01:08 AM
Using 'show xlate' doesn't show details on that PIX edition; is there a way to get them?
06-30-2009 01:14 AM
AFAIK - there is not much, see the below command reference:-
http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/s.html#wp1084248
06-30-2009 01:19 AM
I'll try to review all those points and give feedback.
06-30-2009 02:47 AM
Here are more details about the situation:
First, I have the commands:
ACL:
permit tcp any 'public@ip1' eq www
permit ip any 'public@ip2'
NAT:
static (inside,outside) tcp public@ip1 www private@ip1 www
static (inside,outside) public@ip2 private@ip2
Access to the first ip@ with web is working (tested by telnetting to port 80). But nothing is permitted to the second ip@ (no reply when telnetting).
I inverted the ACLs and NAT (ip@1 with ip@2) and still the same, the first is OK and not the same.
If the server is not well configured, can I see the session open when translated by the PIX but not opened on the server?
Regards,
06-30-2009 02:50 AM
To check the servers, if they are Windows, at the command line type "netstat -a"; this will tell you what TCP/UDP ports the server is listening on and what current sessions it has.
Another good test is try to connect to the servers on the inside!
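The first reply's check (ACL destination versus translated address) can be run offline against a saved configuration. This is an added example, not part of the thread: the ACL name `outside_in`, the addresses and the function names are assumptions, and it only understands `permit <proto> any host <addr> [eq <port>]` entries with ports written the same way in both commands. It relies on PIX 6.3 evaluating the outside ACL against the public (global) address of a static.

```python
# Constructed sample config; addresses are documentation ranges, not values from the thread.
SAMPLE = """\
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-list outside_in permit ip any host 192.168.1.11
static (inside,outside) tcp 203.0.113.10 www 192.168.1.10 www netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.11 192.168.1.11 netmask 255.255.255.255 0 0
"""

def parse(config):
    """Return (statics, aces) as tuples taken from 'static' and 'access-list' lines."""
    statics, aces = [], []
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["static"] and len(tok) >= 4:
            if tok[2] in ("tcp", "udp") and len(tok) >= 7:
                # port redirection: proto, global addr, global port, local addr
                statics.append((tok[2], tok[3], tok[4], tok[5]))
            else:
                # one-to-one translation: global addr, local addr
                statics.append(("ip", tok[2], None, tok[3]))
        elif (tok[:1] == ["access-list"] and tok[2:3] == ["permit"]
              and tok[4:6] == ["any", "host"] and len(tok) >= 7):
            port = tok[8] if tok[7:8] == ["eq"] and len(tok) >= 9 else None
            aces.append((tok[3], tok[6], port))  # proto, destination, port
    return statics, aces

def covers(ace, static):
    """True if the permit entry lets traffic reach the static's global address."""
    a_proto, a_dst, a_port = ace
    s_proto, s_global, s_port, _local = static
    if a_dst != s_global:
        return False
    if s_proto == "ip" or a_proto == "ip":
        return True
    return a_proto == s_proto and a_port in (None, s_port)

def audit(config):
    """List (kind, address) findings: ACL entries aimed at a private address,
    and statics whose global address no permit entry reaches."""
    statics, aces = parse(config)
    private = {s[3] for s in statics}
    findings = [("acl-uses-private", a[1]) for a in aces if a[1] in private]
    findings += [("no-permit", s[1]) for s in statics
                 if not any(covers(a, s) for a in aces)]
    return findings

if __name__ == "__main__":
    for kind, addr in audit(SAMPLE):
        print(kind, addr)
```

An empty result means the ACL and translations agree, which is the point at which the thread moves on to checking the server itself with "netstat -a".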