Cisco Support Community
New Member

PIX 6.3.5 and NAT Fedora Core 4

Hi,

We are trying to NAT a new Linux box (running Fedora Release 4) and getting odd results. We cannot access the box via NAT unless our source address is one from the same network as the outside interface. We thought it was a problem with SELinux and the built-in firewall, but we reinstalled the software with both disabled and the problem got worse. You have to be on the same subnet as the outside interface and the only account that works is "root". I realize this does not sound like a PIX issue, but any insight would help.

TIA,

Sam

4 REPLIES
New Member

Re: PIX 6.3.5 and NAT Fedora Core 4

Sorry about all the typos.

Gold

Re: PIX 6.3.5 and NAT Fedora Core 4

internet <--> pix <--> linux

assuming the simplified topology is accurate, and the issue is that there is no inbound access to the linux box.

firstly, compare the current pix config with the sample below:

static (inside,outside) tcp interface netmask 255.255.255.255

access-list inbound permit any interface outside eq

access-group inbound in interface outside; or

static (inside,outside) netmask 255.255.255.255

access-list inbound permit any host eq

access-group inbound in interface outside

to verify the nat, do "sh xlate | in ".

to verify the acl, do "sh access-l inbound".
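
A filled-in version of the two sample forms in the reply above, as an added example that is not part of the original post. All values are constructed assumptions: 192.168.1.10 as the inside address of the Linux box, 203.0.113.10 as a spare public address, and TCP 22 (SSH) as the service being published.

```text
: Added example, constructed values only (not from the original thread)

: Option 1: port redirection on the PIX outside interface address
static (inside,outside) tcp interface 22 192.168.1.10 22 netmask 255.255.255.255
access-list inbound permit tcp any interface outside eq 22
access-group inbound in interface outside

: Option 2: one-to-one static using a dedicated public address
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
access-list inbound permit tcp any host 203.0.113.10 eq 22
access-group inbound in interface outside

: Verify the translation and the ACL
show xlate | include 192.168.1.10
show access-list inbound
```

If the hitcnt on the ACL entry does not increase while a connection is attempted from an outside source, the traffic is not reaching the PIX and the drop is upstream of it.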

New Member

Re: PIX 6.3.5 and NAT Fedora Core 4

Thanks, found the problem to be a problem on the ISP choke router.

Gold

Re: PIX 6.3.5 and NAT Fedora Core 4

it's good to learn that your issue has been resolved. please feel free to discuss any other issue you've got.
