Community Member

Static NAT fails after 6.3 to 7.22 upgrade

I upgraded a PIX 515 from 6.3 to 7.22, and after the upgrade static NAT fails for the NAT translations using the same IP as the outside interface. I see the connection being dropped before it hits my outside access-list with PIX7-2-710002 tcp drop ip to ip? Worked fine in 6.3. I'm sure it's just a simple command that needs to be added.

Any ideas?

4 REPLIES
Green

Re: Static NAT fails after 6.3 to 7.22 upgrade

What do the statics look like? Are you using the keyword "interface" instead of the ip address?

static (inside,outside) tcp interface smtp 192.168.1.1 smtp netmask 255.255.255.255

Community Member

Re: Static NAT fails after 6.3 to 7.22 upgrade

After the upgrade it looks like this:

interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.xxx.xxx.14 255.255.255.252

nat-control
global (outside) 1 interface
nat (inside) 0 access-list NoNAT
nat (inside) 1 192.168.1.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 203.xxx.xxx.14 smtp 192.168.1.51 smtp netmask 255.255.255.255

So my static points to the IP. Is this a problem in 7.x?

Community Member

Re: Static NAT fails after 6.3 to 7.22 upgrade

Before upgrade:

static (inside,outside) tcp 203.xxx.xxx.14 smtp 192.168.1.51 smtp netmask 255.255.255.255

203.xxx.xxx.14 being the outside IP address.

After the upgrade it should look like this...

static (inside,outside) tcp interface smtp 192.168.1.51 smtp netmask 255.255.255.255

Try it

Green

Re: Static NAT fails after 6.3 to 7.22 upgrade

Yes, as I wrote before, you want to replace "203.xxx.xxx.14" with the keyword "interface". That should do the trick.
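
Added example, not part of the original thread or any Cisco tool: a pre-upgrade audit that finds port statics whose mapped address is the interface's own IP and prints the `interface`-keyword form suggested in the replies. It assumes 7.x-style interface blocks (`nameif` before `ip address`); the sample config and its documentation-range addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of a post-upgrade config (documentation-range addresses).
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.14 255.255.255.252
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
static (inside,outside) tcp 203.0.113.14 smtp 192.168.1.51 smtp netmask 255.255.255.255
static (inside,outside) tcp interface www 192.168.1.52 www netmask 255.255.255.255
"""

STATIC_RE = re.compile(
    r"^static \((?P<real_if>\S+?),(?P<mapped_if>\S+?)\) (?P<proto>tcp|udp) "
    r"(?P<mapped_ip>\S+) (?P<rest>.+)$")

def interface_addresses(config):
    """Map each nameif to the IP address configured on that interface."""
    addrs, name = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            name = None                      # new interface block begins
        elif line.startswith("nameif "):
            name = line.split()[1]
        elif line.startswith("ip address ") and name:
            addrs[name] = line.split()[2]
    return addrs

def statics_to_rewrite(config):
    """Return (old, new) pairs for port statics mapped to the interface's own IP."""
    addrs = interface_addresses(config)
    fixes = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        # Flag only when the mapped IP equals the address of the mapped interface.
        if m and m["mapped_ip"] == addrs.get(m["mapped_if"]):
            new = (f"static ({m['real_if']},{m['mapped_if']}) {m['proto']} "
                   f"interface {m['rest']}")
            fixes.append((line.strip(), new))
    return fixes

if __name__ == "__main__":
    for old, new in statics_to_rewrite(SAMPLE_CONFIG):
        print(f"replace: {old}\n   with: {new}")
```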
