01-23-2007 03:10 AM - edited 03-13-2019 03:52 PM
I have a PIX 501, and I seem to be having difficulties setting up NAT between my outside and inside interfaces. I want to pass port 21 and port 25 traffic via the external IP address to an internal server, but when I configure the NAT and policy the firewall freezes or traffic is not passed.
I use the following process.
1) Enter a new policy for, say, port 25 traffic between the outside and inside interfaces (specific address)
(outside Any-> inside 192.168.0.5)
2) The wizard in the ADM prompts for the creation of a NAT entry. I enter the interface details and the NAT is created and the policy appears.
The ADM often freezes at this point, or if it does not, I cannot telnet on port 25 to my SMTP server, which is my usual test.
Does anyone have any suggestions?
Regards Don.
01-29-2007 11:08 AM
To identify addresses on one interface that are translated to mapped addresses on another interface, use the nat command in global configuration mode. This command configures dynamic NAT or PAT, where an address is translated to one of a pool of mapped addresses. To remove the nat command, use the no form of this command.
For regular dynamic NAT:
nat (real_ifc) nat_id real_ip [mask [dns] [outside] [[tcp] tcp_max_conns [emb_limit]] [udp udp_max_conns] [norandomseq]]
no nat (real_ifc) nat_id real_ip [mask [dns] [outside] [[tcp] tcp_max_conns [emb_limit]] [udp udp_max_conns] [norandomseq]]
For policy dynamic NAT and NAT exemption:
nat (real_ifc) nat_id access-list access_list_name [dns] [outside] [[tcp] tcp_max_conns [emb_limit]] [udp udp_max_conns] [norandomseq]
no nat (real_ifc) nat_id access-list access_list_name [dns] [outside] [[tcp] tcp_max_conns [emb_limit]] [udp udp_max_conns] [norandomseq]
Try:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml
01-30-2007 02:50 PM
Don-
Look for the PDF on the CCO. The thing you're looking for is Port Forwarding. With that, any inbound traffic headed for those ports will hit your email server. If you need more help, email me; I think I might have an example somewhere, but the PDF will help you more. If you have the address space, static NAT is best for you.
Hope this helps!
cnowlin
02-09-2007 01:34 PM
Allow the traffic through on the access-list for the outside interface.
access-list 101 permit tcp any host 64.128.161.xxx eq smtp
Set up a static for that traffic/host pair
static (inside,outside) tcp 64.128.161.xxx smtp 192.168.5.38 smtp netmask 255.255.255.255 0 0
I know this works at the CLI. Not sure about the GUI.
Let the server inside still participate in the NAT scheme since there will still be outbound traffic.
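A consistency check for the access-list/static pairing discussed in the last reply, as an added example that is not part of the original thread. It assumes PIX 6.x-style `access-list` and `static` lines in the form shown above, plus the `access-group` command (not shown in the thread) that applies an ACL to an interface; the addresses in the sample config are constructed.

```python
import re

# Port keywords the PIX CLI prints in place of numbers (subset used here).
PORT_NAMES = {"ftp": 21, "smtp": 25, "www": 80, "pop3": 110}

def port_num(tok):
    """Accept either a keyword (smtp) or a number (25)."""
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)

STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) tcp (\S+) (\S+) (\S+) (\S+)")
PERMIT_RE = re.compile(r"^access-list (\S+) permit tcp any host (\S+) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\w+)")

def audit(config, outside="outside"):
    """Return findings where port forwards and inbound permits do not line up."""
    statics, permits, bound = set(), {}, set()
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            if m.group(2) == outside:  # mapped (global) side faces outside
                statics.add((m.group(3), port_num(m.group(4))))
        elif m := PERMIT_RE.match(line):
            permits.setdefault(m.group(1), set()).add((m.group(2), port_num(m.group(3))))
        elif m := GROUP_RE.match(line):
            if m.group(2) == outside:
                bound.add(m.group(1))
    allowed = set().union(*(permits.get(acl, set()) for acl in bound))
    findings = []
    for ip, port in sorted(statics - allowed):
        findings.append(f"static {ip}:{port} has no permit in an ACL applied to {outside}")
    for ip, port in sorted(allowed - statics):
        findings.append(f"permit {ip}:{port} has no static port forward")
    for acl in sorted(set(permits) - bound):
        findings.append(f"access-list {acl} is not applied with access-group")
    return findings

# Constructed sample config (203.0.113.10 is a documentation address).
SAMPLE = """\
access-list 101 permit tcp any host 203.0.113.10 eq smtp
access-list 101 permit tcp any host 203.0.113.10 eq ftp
access-group 101 in interface outside
static (inside,outside) tcp 203.0.113.10 smtp 192.168.0.5 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.10 pop3 192.168.0.5 pop3 netmask 255.255.255.255 0 0
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A permit reported as having no port forward may still be covered by a one-to-one static NAT entry, which this check does not parse.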