Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 501 problem with PAT and static

I have a PIX 501 (running FOS 6.1.1) in front of a SBS 2000 server that host web and exchange mail services. The ISP has issued a single static public address. I have followed the recommendations for configuring the PIX to perform PAT so the inside clients can share access. Inside is a 10.0.x.x subnet.

My problem is that as soon as I add the static mapping command to allow access from outside to the common web/mail server on the inside, PAT stops working for all clients...server access to the outside still works. With the static added, access from outside to the inside web/mail server works correctly. I have confirmed this problem with sh xlate command. Is it possible for PAT and a static mapping to share a single external IP address?

Any suggestions on how to solve this problem???

1 REPLY
New Member

Re: PIX 501 problem with PAT and static

I've done some more reading on this forum and found some more information on static commands to allow traffic inside to a specific server hosting web/email services using a single public IP address.

My current static command that conflict with PAT is...

static (inside,outside) netmask 255.255.255.255 0 0

I found this listing for static for smtp traffic..

static (inside,outside) tcp smtp smtp netmask 255.255.255.255 0 0

Do I include a second static for web access like this???

static (inside,outside) tcp www www netmask 255.255.255.255 0 0

Any suggestions or corrections????

213
Views
0
Helpful
1
Replies
CreatePlease login to create content