11-16-2005 04:05 PM - edited 03-09-2019 01:04 PM
I have never dealt with PIX firewalls (I am fairly new in the field). I have a customer that has a 506E. I need to create a static NAT map on it. I have tried and tried with no success. Can you please give me some guidance (with ACLs and the NAT)?
Here is the info on the firewall:
eth0 (outside):
IP: OUR.PUB.LIC.IP
Subnet Mask: 255.255.255.240
Connected to the 1721 router
eth0 (inside):
IP: 207.184.18.58
Subnet Mask: 255.255.255.192
Connected to the 2950 Switch
Attached is the running config.
11-16-2005 08:09 PM
Matt,
Consider the server on the inside as 192.168.1.10 and the public IP as 200.200.200.2 (any free IP from the ISP). You need to configure the following:
static (inside,outside) 200.200.200.2 192.168.1.10 netmask 255.255.255.255
This creates a mapping in the NAT XLATE table of the PIX. Only if this entry is there on the firewall can traffic from outside hit the server on the inside network. You also need to give the access-list to permit the required port from outside:
access-list outside permit tcp any host 200.200.200.2 eq 80
This will allow HTTP access from outside to the host 200.200.200.2.
Hope this helps. All the best. Rate replies if found useful.
Raj
11-19-2005 09:08 AM
Thanks for the reply. Would I then need to issue an Access-Group command to apply that ACL to an interface? Can you please show me what that command would look like?
Thanks.
11-19-2005 01:17 PM
Hi
This is the command to add an access-group:
access-group outside in interface outside
Best Regards
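The three commands in this thread (static, access-list, access-group) only take effect together, and each static mapping is a deliberate exposure of an inside host. The following Python check is an added example, not code from any poster or from Cisco: it reads a config in the simple command forms shown in the thread and reports which services are exposed and which mappings are missing their ACL entry or access-group. The function name `audit` is hypothetical and the sample config is constructed from the thread's example addresses.

```python
import re

# Constructed sample (not the poster's attached config), using the thread's example addresses.
SAMPLE = """\
static (inside,outside) 200.200.200.2 192.168.1.10 netmask 255.255.255.255
access-list outside permit tcp any host 200.200.200.2 eq 80
access-group outside in interface outside
"""

# Assumption: only the simple command forms shown in the thread are parsed.
STATIC_RE = re.compile(r"^static \(([^,\s]+),([^)\s]+)\) (\S+) (\S+) netmask \S+")
ACL_RE = re.compile(r"^access-list (\S+) permit (\S+) any host (\S+)(?: eq (\S+))?")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")


def audit(config):
    """Return (exposed, findings) for the static mappings in a PIX-style config."""
    statics, acls, bound = [], {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            # static (inside_if,outside_if) public_ip inside_ip
            statics.append((m[2], m[3], m[4]))
        elif m := ACL_RE.match(line):
            acls.setdefault(m[1], []).append((m[2], m[3], m[4] or "any"))
        elif m := GROUP_RE.match(line):
            bound[m[2]] = m[1]  # interface name -> ACL applied inbound

    exposed, findings = [], []
    for mapped_if, mapped_ip, real_ip in statics:
        acl = bound.get(mapped_if)
        if acl is None:
            findings.append(f"{mapped_ip}: no access-group on interface {mapped_if}")
            continue
        entries = acls.get(acl, [])
        hits = [(proto, port) for proto, dst, port in entries if dst == mapped_ip]
        if hits:
            # Each hit is a service reachable from any outside source.
            exposed += [f"{mapped_ip} -> {real_ip} {proto}/{port}" for proto, port in hits]
        elif any(dst == real_ip for _, dst, _ in entries):
            # The thread's ACL names the public address, not the inside one.
            findings.append(f"{mapped_ip}: ACL {acl} names inside address {real_ip}")
        else:
            findings.append(f"{mapped_ip}: ACL {acl} has no permit for this host")
    return exposed, findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```

The `exposed` list doubles as a review artifact: every entry is a port open to `any` source and should correspond to a service that is meant to be public.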