We are using a PIX (2 interface). Im trying to add an inbound connection to our server inside the network.
The inside address is 126.96.36.199 and the outside address is 188.8.131.52. First thing I did was to try to ping the outside address (184.108.40.206) in the firewall itself, I used the config below. Is this correct? I can't seamed to ping the 220.127.116.11, do you think this is normal? I tried to ping from our router outside, it does not reply either, can anyone help? Thanks in advance.
PIX Version 5.3(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
access-list acl_out permit icmp any host 18.104.22.168
pager lines 24
no logging timestamp
no logging standby
no logging console
no logging monitor
no logging buffered
no logging trap
no logging history
logging facility 20
logging queue 512
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 22.214.171.124 255.255.255.248
ip address inside 126.96.36.199 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
global (outside) 1 188.8.131.52-184.108.40.206 netmask 255.255.255.248
nat (inside) 1 220.127.116.11 255.255.255.0 100 50
alias (inside) 18.104.22.168 22.214.171.124 255.255.255.255
I noticed that the outside IP address 126.96.36.199 has a different IP network address outside which is 188.8.131.52. For sure it won't ping because it has different network address. It seems that 230 is not Class C address because class C is from 192 to 223 only.
Thanks for the respond, anyways, I entered the wrong address at the top, it should be 230.13.200.*. This sub net is just a sample, I replaced my real external subnet id to this one, just incase theres hackers snooping around this forum.
What Im trying to do here is map the external address 184.108.40.206 to the internal one 220.127.116.11. Note that 18.104.22.168 is my PIX515. You mean I have to map to the pix address (22.214.171.124)?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...