07-10-2003 03:27 AM - edited 02-20-2020 10:50 PM
I am a strange problem
I have serval servers on inside
and internet user can access normally
but when I key "clear xlate" command or reboot the firewall
some server can not access from outside
unless I go to the server and key ping command to outside (like Isp DNS)
the server become normal and internet user can access again
why ??
07-10-2003 04:53 AM
How are you exposing that server to the outside? With a [static], [nat 0 x.x.x.x y.y.y.y], [nat 0 access-list xxx], or [nat,global]?
07-10-2003 05:34 PM
only
assume my server is 123.123.123.123
my command is only
nat (inside) 0 123.123.123.0 255.255.255.0
=======================================
but, after I key the question
I try a method and key the command
static (inside,outside) 123.123.123.123 123.123.123.123
everythiing is OK
I do not understand the command means
static (inside,outside) 123.123.123.123 123.123.123.123
Woud you explain that ??
Thanks a lot
07-11-2003 02:50 PM
The static command is the proper one to use for this. "static" meaning a permanent translation that does not time out.
static (pre-nat interface, post-nat interface) pre-nat-address post-nat-address netmask x.x.x.x
Your use of the nat 0 command created a dynamin no-nat entry that is created when traffic is sent from inside to out. Translations timeout when no traffic is sent from the inside host for the configured time period, thus making the host unavailable. When you would ping out, the translation was built again.
You can accomplish this with Nat 0 using an ACL. Nat 0 commands using ACLs also make permanent entries in the translation table.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: