PIX 515 Ver 6.3(3) Blocking Internal traffic

smakco
Level 1

The firewall had blocked access to the internal IP address which was mapped to a public IP address. This occurred after I tried connecting the server directly to the public IP address, bypassing the PIX.

static (inside,outside) 70.45.5.8 192.168.0.145 255.255.255.255.0 0

I was not able to connect to the internal 145 from an outside address. In order to test the application I tried placing this system directly with public IP 70.45.5.8 and it worked. Now when I place the system back behind the firewall, replacing the IP back to 192.168.0.145, it works on the internal network but the firewall does not allow traffic through and I cannot even access the Internet. It has occurred with three internal IPs and I have to change the IP to make the system work. I understand somewhere these IPs are recorded in an ACL denying access. Can someone tell me how to fix this problem so that I can use these IPs again on the network?

2 Replies

spremkumar
Level 9

Hi,

Did you try clear xlate before getting the server behind the local LAN network? If you haven't, can you give it a try and check?

Regards

varakantam
Level 1

Modify your netmask to make it host-based as opposed to network, and you need to create separate statics for each host.

The following command maps an inside IP address (10.1.1.3) to an outside IP address (209.165.201.12):

hostname(config)# static (inside,outside) 209.165.201.12 10.1.1.3 netmask 255.255.255.255
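
The host-based netmask advice in the reply above can be checked mechanically before a config is loaded. The following is an added example, not part of the original thread or any Cisco tooling: a small Python check that assumes the PIX 6.x form `static (if,if) mapped_ip real_ip [netmask mask] [options]` and runs over the two `static` lines quoted in this thread. The function names are hypothetical.

```python
import ipaddress
import re

# Assumed PIX 6.x form: static (real_if,mapped_if) mapped_ip real_ip [netmask mask] [options]
# An optional "hostname(config)# " prompt prefix is tolerated.
STATIC_RE = re.compile(r"^(?:\S+\(config\)#\s*)?static\s+\((\w+),(\w+)\)\s+(\S+)\s+(\S+)(.*)$")
HOST_MASK = "255.255.255.255"


def is_ipv4(text):
    """True only for a well-formed dotted quad."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def check_static(line):
    """Return findings for one static command (empty list = well formed and host-based)."""
    m = STATIC_RE.match(line.strip())
    if not m:
        return ["not a static (if,if) command"]
    _, _, mapped, real, rest = m.groups()
    findings = [f"bad address {a}" for a in (mapped, real) if not is_ipv4(a)]
    tokens = rest.split()
    if "netmask" not in tokens:
        findings.append("no netmask keyword")
        # A dotted token without the keyword is most likely a misplaced mask.
        findings += [f"stray token {t}" for t in tokens if "." in t]
    else:
        idx = tokens.index("netmask")
        mask = tokens[idx + 1] if idx + 1 < len(tokens) else ""
        if not is_ipv4(mask):
            findings.append(f"malformed netmask {mask!r}")
        elif mask != HOST_MASK:
            findings.append(f"netmask {mask} is not host-based")
    return findings


# Both lines are quoted from the thread above.
SAMPLES = [
    "static (inside,outside) 70.45.5.8 192.168.0.145 255.255.255.255.0 0",
    "hostname(config)# static (inside,outside) 209.165.201.12 10.1.1.3 netmask 255.255.255.255",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_static(s) or "ok", "<-", s)
```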
