New Member

PIX 520 static inside outside.

I am trying to change the static command on a PIX 520.

Currently, I have it set for (static inside, outside 172.16.1.0 172.16.1.0 netmask 255.255.255.0 0 0)

This is going to allow 172.16.1.0 network.

However, I am running out of IPs in the 172.16.1.0 network.

So I have decided to allow (172.16.0.0 network)

I tried to add (static inside outside 172.16.0.0 172.16.0.0 netmask 255.255.0.0 0 0) but it says 172.16.0.0: That address already statically translate.

Does anyone know how I can change the static command?

ex.

static (inside,outside) 172.16.1.0 172.16.1.0 netmask 255.255.255.0 0 0

conduit permit tcp host 172.16.1.30 eq 443 any

conduit permit tcp host 172.16.1.11 eq smtp any

conduit permit tcp host 172.16.1.11 eq 143 any

conduit permit tcp host 172.16.1.11 eq pop3 any

conduit permit tcp host 172.16.1.30 eq www any

conduit permit tcp host 172.16.1.150 eq smtp any

conduit permit tcp host 172.16.1.150 eq pop3 any

conduit permit tcp host 172.16.1.150 eq 143 any

conduit permit tcp host 172.16.1.10 eq smtp any

conduit permit tcp host 172.16.1.10 eq 143 any

no rip outside passive

no rip outside default

no rip inside passive

no rip inside default

route outside 0.0.0.0 0.0.0.0 172.16.1.5 1

route inside 0.0.0.0 255.255.0.0 172.16.1.7 2

timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00

timeout rpc 0:10:00 h323 0:05:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

William

7 REPLIES
New Member

Re: PIX 520 static inside outside.

Hey bro,

The easy way: take out the old one and put the new one in.

172.16.0.0/16

PIX doesn't really know that the 172.16.1.0/24 is a 24 bit subnet, because that class of IP is 16 bit.

Just remove and add.

New Member

Re: PIX 520 static inside outside.

Yes I have tried to remove it but it won't.

no static (inside,outside) 172.16.1.0. 172.16.1.0 netmask 255.255.255.0 0

static (inside,outside) 172.16.0.0. 172.16.0.0 netmask 255.255.0.0 0 0

It won't do it.

New Member

Re: PIX 520 static inside outside.

I am not sure, but it might be because you have active conduit statements that prevent you from removing the static command. Try removing the conduits, remove the static, reinstate your new static and enter the conduits.

New Member

Re: PIX 520 static inside outside.

Remember that when you remove a static you should also clear xlate so that any established sessions are flushed. Once you add the new one it should work.

New Member

Re: PIX 520 static inside outside.

Thanks guys

It makes total sense.

I have to remove the active conduits first and clear xlate.

William
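
The change order the replies arrive at (remove the conduits, remove the old static, clear xlate, add the new static, re-enter the conduits), as an added Python example that is not part of any post in this thread. The function name `plan_static_change` and the sample config are constructed for illustration, and it assumes an identity static on (inside,outside).

```python
import ipaddress
import re

# Constructed sample, modeled on the lines quoted in the thread.
SAMPLE_CONFIG = """\
static (inside,outside) 172.16.1.0 172.16.1.0 netmask 255.255.255.0 0 0
conduit permit tcp host 172.16.1.30 eq 443 any
conduit permit tcp host 172.16.1.11 eq smtp any
conduit permit tcp host 10.9.9.9 eq www any
"""

STATIC_RE = re.compile(r"^static \(\w+,\w+\) (\S+) (\S+) netmask (\S+)")
CONDUIT_RE = re.compile(r"^conduit permit \w+ host (\S+) ")


def plan_static_change(config, new_net, new_mask):
    """Return (commands, malformed_lines) for widening an identity static."""
    new = ipaddress.ip_network(f"{new_net}/{new_mask}")
    old_statics, conduits, malformed = [], [], []
    for line in (l.strip() for l in config.splitlines()):
        try:
            m = STATIC_RE.match(line)
            if m:
                ipaddress.ip_address(m.group(2))  # validate the local address
                net = ipaddress.ip_network(f"{m.group(1)}/{m.group(3)}")
                if net.overlaps(new):
                    old_statics.append(line)
                continue
            m = CONDUIT_RE.match(line)
            if m and ipaddress.ip_address(m.group(1)) in new:
                conduits.append(line)
        except ValueError:
            malformed.append(line)  # e.g. a mistyped address like 172.161.0
    # Assumption: identity static on (inside,outside), as in the thread.
    new_static = (f"static (inside,outside) {new_net} {new_net} "
                  f"netmask {new_mask} 0 0")
    if not old_statics:
        return [new_static], malformed
    # Order suggested in the replies: conduits off, old static off,
    # flush translations, new static on, conduits back.
    commands = [f"no {c}" for c in conduits]
    commands += [f"no {s}" for s in old_statics]
    commands += ["clear xlate", new_static]
    commands += conduits
    return commands, malformed


if __name__ == "__main__":
    for cmd in plan_static_change(SAMPLE_CONFIG, "172.16.0.0", "255.255.0.0")[0]:
        print(cmd)
```

Widening the static to 255.255.0.0 makes every address in 172.16.0.0/16 translatable, so the host-specific conduits are what still limit inbound access.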

New Member

Re: PIX 520 static inside outside.

You should delete the old static commands before putting in the new one. Or you can add

"static (inside,outside) 172.16.2.0 172.16.2.0 netmask 255.255.255.0 0 0"

and use the new "2" subnet.

New Member

Re: PIX 520 static inside outside.

I would probably add another static instead of deleting old static commands.

static (inside,outside) 172.16.1.0 172.16.1.0 netmask 255.255.255.0 0 0

static (inside,outside) 172.16.2.0 172.16.2.0 netmask 255.255.255.0 0 0
