Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
341
Views
0
Helpful
1
Replies

PIX 501 problem with PAT and static

pglevelle
Level 1
Level 1

‎12-15-2003 10:12 AM - edited ‎02-20-2020 11:09 PM

I have a PIX 501 (running FOS 6.1.1) in front of a SBS 2000 server that host web and exchange mail services. The ISP has issued a single static public address. I have followed the recommendations for configuring the PIX to perform PAT so the inside clients can share access. Inside is a 10.0.x.x subnet.

My problem is that as soon as I add the static mapping command to allow access from outside to the common web/mail server on the inside, PAT stops working for all clients...server access to the outside still works. With the static added, access from outside to the inside web/mail server works correctly. I have confirmed this problem with sh xlate command. Is it possible for PAT and a static mapping to share a single external IP address?

Any suggestions on how to solve this problem???

0 Helpful
1 Reply 1

pglevelle
Level 1
Level 1

‎12-15-2003 11:54 AM

I've done some more reading on this forum and found some more information on static commands to allow traffic inside to a specific server hosting web/email services using a single public IP address.

My current static command that conflict with PAT is...

static (inside,outside) netmask 255.255.255.255 0 0

I found this listing for static for smtp traffic..

static (inside,outside) tcp smtp smtp netmask 255.255.255.255 0 0

Do I include a second static for web access like this???

static (inside,outside) tcp www www netmask 255.255.255.255 0 0

Any suggestions or corrections????

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card