Cisco Support Community

PIX 501- Stopped routing to the outside

I have a PIX501 configured with a static command to provide access from outside to an internal server. This works flawlessly; nevertheless, as soon as I applied the static command my internal network cannot browse the Internet all of a sudden! Any ideas? The following is a highlight of some of the configuration:

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

global (outside) 1 interface

route outside 0.0.0.0 0.0.0.0 x.x.x.97 1

;

;

;

static (inside, outside) x.x.x.122 192.168.3.11

access-list 101 permit tcp x.x.x.122 255.255.255.0 any eq www

access-group 101 in interface outside

Is it possible that I am using the same NAT pool? My outside interface address is x.x.x.122 and is being utilized via PAT in the global command. I know that when using PAT you cannot share the same IP address.

Will this problem be fixed by applying a different IP address as my Global, such as:

Global (outside) 1 x.x.x.123

I appreciate your input.

Thanks

2 REPLIES

Re: PIX 501- Stopped routing to the outside

I kind of ran into the same problem not too long ago. I still manage to use the same IP address (outside).

For your static command try using port redirection, I hope this helps.

static (inside,outside) tcp 172.18.124.99 telnet 10.1.1.6 telnet netmask 255.255.255.255 0 0

static (inside,outside) tcp 172.18.124.99 ftp 10.1.1.3 ftp netmask 255.255.255.255 0 0

static (inside,outside) tcp 172.18.124.208 telnet 10.1.1.4 telnet netmask 255.255.255.255 0 0

static (inside,outside) tcp interface telnet 10.1.1.5 telnet netmask 255.255.255.255 0 0

static (inside,outside) tcp interface www 10.1.1.5 www netmask 255.255.255.255 0 0

static (inside,outside) tcp 172.18.124.208 8080 10.1.1.7 www netmask 255.255.255.255 0 0

Go to this link for further information: http://www.cisco.com/warp/public/707/28.html#topic9

Eduardo

Re: PIX 501- Stopped routing to the outside

Hi,

Try to change the access-list. It should be like this:

access-list 101 permit tcp any host x.x.x.122 eq www

(from any host on the internet to the global address of the internal webserver)

If this still doesn't work, also change the static command:

static (inside, outside) interface 192.168.3.11

(translate 192.168.3.11 to the outside interface address)

Kind Regards,

Tom
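
An offline check for the two patterns this thread discusses: a one-to-one static on the address the PAT global is using, and an inbound ACL written with the global address as its source. This is an added example, not code from any poster; the sample config is constructed with documentation addresses, and the `ip address outside` line, the function names and the finding labels are assumptions.

```python
import re

# Constructed sample config (documentation addresses), modelled on the question.
SAMPLE = """\
ip address outside 192.0.2.122 255.255.255.224
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
static (inside, outside) 192.0.2.122 192.168.3.11
access-list 101 permit tcp 192.0.2.122 255.255.255.0 any eq www
access-group 101 in interface outside
"""

def _spec(t, i):
    """Parse one ACL address spec at t[i]: 'any', 'host A' or 'A MASK'."""
    if t[i] == "any":
        return "any", i + 1
    if t[i] == "host":
        return t[i + 1], i + 2
    return t[i], i + 2

def lint_pix(config):
    """Return (label, detail) findings for the two patterns in the thread."""
    outside_ip, pat_on_if = None, False
    statics, acls, bound, findings = [], [], set(), []
    for line in config.lower().splitlines():
        t = re.sub(r"[(),]", " ", line).split()
        if t[:3] == ["ip", "address", "outside"] and len(t) > 3:
            outside_ip = t[3]
        elif t[:2] == ["global", "outside"] and t[-1] == "interface":
            pat_on_if = True          # PAT uses the outside interface address
        elif (t[:3] == ["static", "inside", "outside"] and len(t) > 3
              and t[3] not in ("tcp", "udp")):
            statics.append(t[3])      # one-to-one static: record global address
        elif t[:1] == ["access-list"] and len(t) > 5 and t[2] == "permit":
            src, i = _spec(t, 4)
            dst, _ = _spec(t, i)
            acls.append((t[1], src, dst))
        elif t[:1] == ["access-group"] and t[2:] == ["in", "interface", "outside"]:
            bound.add(t[1])
    for g in statics:                 # whole-address static on the PAT address
        if pat_on_if and g == outside_ip:
            findings.append(("static-on-pat-address", g))
    for acl_id, src, dst in acls:     # inbound rule with source/destination swapped
        if acl_id in bound and dst == "any" and src in statics:
            findings.append(("acl-source-is-global-address", acl_id))
    return findings
```

On the constructed sample it reports both findings; a config that uses a port-redirection static and an `any host <global>` ACL entry, as the replies suggest, returns none.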
