
Out of box...no web browsing?

fhall
Level 1

I've got a 501, with nat (inside) and global (outside). Something is preventing web browsing, FTP and ICMP traffic. With netstat I can see the connections established (telnet to port 80 of external web server, ftp) but never see banners or login prompts. I've tried some with access lists and get ICMP back and forth but nothing else. Even tried (http://204.202.132.19) in a browser with no luck. Anyone have ideas why?

This is my config:

nat (inside) 5 0 0

global (outside) 5 interface

-With no access-lists I get nothing in or out

but with permit any tcp,udp,icmp,ip I get the symptoms above.

I've seen something in an article about needing to have a ptr record for the external int.

Any help is appreciated.

3 Replies

srittenberg
Level 1

Did you add your default route? Things can't work without the default route.

dean_holroyd
Level 1

Never seen that type of global command option before. The syntax is:

global (if_name) nat_id global_ip-global_ip

global (outside) 5 200.0.0.1-200.0.0.5

Using PAT it should be something like

nat (inside) 5 0 0

global (outside) 5 200.0.0.1

PTRs are only an issue with apps like FTP when you are running PAT (if you are running it as PAT you should have reverse DNS entries so servers do not get confused with client port mappings).

The global command actually works every time for me. We're only using 1 IP externally, so when you try to define the global with the IP address you get an error. The global (outside) interface works nicely. The PTRs have also proven to be a necessity with both cable and DSL. Without it we cannot get to the web (with 1 or 2 exceptions). The problem now is this:

-We're replacing a RED firewall with the delightful 501. PAT is being used, similar to the config shown above. The clients can all get out and surf perfectly after clearing the ARP cache on each. The Novell server cannot. It can ping the 501 internal interface but not the external. I've cleared the cache, checked the routes, etc. on the server but to no avail. Any ideas why?

BTW...Thanks for the input on the previous question.
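
As an added example, not posted by anyone in this thread: a small Python check of the two things the replies raise, that each nat statement has a global with the same nat_id and that a default route is present. The function names, the sample route line and its 192.0.2.1 gateway are assumptions made for the illustration.

```python
import re

# nat/global lines as quoted in the thread; the route line is constructed.
SAMPLE_CONFIG = """\
nat (inside) 5 0 0
global (outside) 5 interface
"""
SAMPLE_ROUTE = "route outside 0 0 192.0.2.1 1\n"  # 192.0.2.1 is a placeholder gateway

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) ")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)")
ROUTE_RE = re.compile(r"^route (\S+) (\S+) (\S+) (\S+)")
ANY = {"0", "0.0.0.0"}  # PIX accepts 0 as shorthand for 0.0.0.0


def global_kind(spec):
    """'pool' for an ip-ip range, 'PAT' for a single address or 'interface'."""
    return "pool" if "-" in spec else "PAT"


def audit_pix_nat(config):
    """Return a list of findings for nat/global pairing and the default route."""
    nats, globals_, default_route = {}, {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if m := NAT_RE.match(line):
            nats[m.group(2)] = m.group(1)
        elif m := GLOBAL_RE.match(line):
            globals_[m.group(2)] = (m.group(1), global_kind(m.group(3)))
        elif m := ROUTE_RE.match(line):
            default_route |= m.group(2) in ANY and m.group(3) in ANY
    findings = []
    for nat_id, ifname in sorted(nats.items()):
        # nat_id 0 disables translation, so it needs no matching global.
        if nat_id != "0" and nat_id not in globals_:
            findings.append(f"nat ({ifname}) {nat_id} has no global with nat_id {nat_id}")
    for nat_id, (ifname, _) in sorted(globals_.items()):
        if nat_id not in nats:
            findings.append(f"global ({ifname}) {nat_id} has no nat with nat_id {nat_id}")
    if not default_route:
        findings.append("no default route (route <if_name> 0 0 <gateway>)")
    return findings


if __name__ == "__main__":
    for cfg in (SAMPLE_CONFIG, SAMPLE_CONFIG + SAMPLE_ROUTE):
        print(audit_pix_nat(cfg) or "ok")
```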
