07-17-2006 05:43 AM - edited 02-21-2020 01:03 AM
Hi all,
This question is regarding doing differnet kinds of statics on a pix6.3(4).
I have a setup where I need to static-nat a public IP address into a mail-server on the private network.
This works fine. Now I also want to expose the inside network to the public side (as shown in the config example)
inside ip 192.168.1.x
outside ip 55.55.44.x
static (inside,outside) 55.55.44.33 192.168.1.10 netmask 255.255.255.255 0 0 <- mail server
static (inside,outside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0
Now...will the specific static to the mail-server take precende over the net-to-net translation?
Kind regards
Solved! Go to Solution.
07-17-2006 06:50 AM
Hi Kevin,
Over-lapping ip can be resolved by leaving the network 192.168.1.0/24 at the end of the static statements. When a packet arrives to the outside interface, the pix processes all static statements from top to bottom. Since the mail server is configured before the net-to-net, this statement will take precende. (for 6.3 code)
Mike
Mike
07-17-2006 08:50 AM
Hi Kelvin,
This will occurs by default, the PIX will consult the first statement because you entered it first.
But if you enter first the 2nd static command the PIX will not validate the first "static" command and will show you a warning message:
"WARNING: mapped-address conflict with existing static"
So try to enter the more granular static command first then more general ones.
07-17-2006 06:50 AM
Hi Kevin,
Over-lapping ip can be resolved by leaving the network 192.168.1.0/24 at the end of the static statements. When a packet arrives to the outside interface, the pix processes all static statements from top to bottom. Since the mail server is configured before the net-to-net, this statement will take precende. (for 6.3 code)
Mike
Mike
07-17-2006 08:50 AM
Hi Kelvin,
This will occurs by default, the PIX will consult the first statement because you entered it first.
But if you enter first the 2nd static command the PIX will not validate the first "static" command and will show you a warning message:
"WARNING: mapped-address conflict with existing static"
So try to enter the more granular static command first then more general ones.
07-17-2006 11:30 PM
Thx guys,
Very helpfull :-)
Kelvin
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: