Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 506 PAT and Statics with one IP Address

Is there a way to configure a PIX 506 running 6.2(2) code to utlize both the

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0 commands and

static (inside,outside) tcp interface www 172.18.1.101 www netmask 255.255.255.255

When I try the configurations together the static statement overrides the PAT and redirects all inbound HTTP traffic to the WWW server. This effectively blocks all internal users except the WWW box from browsing the web.

Any Suggestions?

1 REPLY
Silver

Re: PIX 506 PAT and Statics with one IP Address

Static PAT is a many-to-one port mapping that is constant over time. For example, static PAT lets you redirect inbound TCP and UDP services. Using the static command interface option, you can use Static PAT to permit external hosts access TCP or UDP services residing on an internal host.

As always, though, an access list should also be in place to control access to the internal host, check you configurations for access list and also go through the below link and check if you have missed any configuration step

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml

201
Views
0
Helpful
1
Replies
CreatePlease login to create content