I have Cisco PIX (Version 6.2) which is running in our infrastructure. I have a server with Local IP (126.96.36.199) and I want to be access this server through internet (Real IP: 188.8.131.52). I just entered the command " static (inside,outside) 184.108.40.206 220.127.116.11 netmask 255.255.255.255 0 0 " in the OIX but i didn't access the server. Can You please help me how can i access this server throug real IP from internet in outside network.
Jouni is right, the ACL that you applied to the outside interface only allows ICMP.
It seems to me that you have new IP Address (18.104.22.168), is this a new IP that has been assigned by your ISP to your company? That IP Address is not in the same subnet as your outside subnet, so need to ensure that the IP Address belongs to your company, and not assign to other company, and it is being routed to your PIX outside interface (22.214.171.124). You can run a packet capture on the PIX outside interface, and see if you are seeing any hitcount as you ping 126.96.36.199 from the Internet. If you see hitcount, that means it is being routed correctly. If you are not seeing any hitcount, it means either the IP Address isn't assigned to your company or it is being routed incorrectly. If you are seeing hitcount, you just have to configure ACL to allow access that you require inbound to that IP Address on the outside interface.
Are you sure your internal IP address is 188.8.131.52? That seems to be a public IP address actually as the private IP address range is 172.16.0.0 - 184.108.40.206
Then again I guess it does not matter as long as the internal subnet is using that same address space as the host and NAT is being performed on the firewall.
Since you have configured the Static NAT for the host have you also configured the ACL to allow traffic to this host from the external network? You are running such an old software that I am not sure was this configured using the "conduit" or was it already "access-list".
Naturally you could share the configuration (edit any sensitive information away from the configuration before sharing) so we can take a look what might be the problem.
So if you want to change the above ACL to be used on your external interface then you need to issue this command
access-group outside_access_in in interface outside
You will also need to add rule for the new public static IP address you used in the Static NAT configuration.
To allow traffic to the new internal host you would have to add something like this. Notice that I only gave an example. You simply need to add statements for the ports/protocol that need to be allowed through the firewall to this internal host. I don't think you mentioned them in the original post so I don't know exactly what needs to be allowed.
access-list outside_access_in permit tcp any host 220.127.116.11 eq <port number>
access-list outside_access_in permit udp any host 18.104.22.168 eq <port number>
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...