I have been looking for a definite answer to whether there is a bug that will not allow my PIX 501 with 6.3(1) to use dynamic and static PAT at the same time. The problem I have is this: I'm setting up a PIX on a PPPoE DSL connection with a web server behind it. I can get dynamic PAT to work to allow all inside hosts to access the internet. I can get static PAT to allow outside access to the web server. I cannot get both to work at the same time. I am an MCSE but am new to Cisco/PIX.
In reading some posts, I saw a reference to a bug that affects this. I have seen other posts that seem to indicate I should be able to do this successfully. When I had it set up, I could access the web server from the outside, but only the web server could access the internet. Any suggestions? I have been using the quick start instructions that came with the PIX.
Sounds to me like a common config issue seen when doing port redirection. Can you share your config with us for review? Remember to change public IP addresses (to something consistent please) and blank your passwords.
Well, the weird thing is I was booting all my test gear up to get the logs and it looks like everything is working now. Not sure if it needed a good reboot or clear xlate but I am able to access the internet from the mail server as well as receive inbound ports... hmmmm
Cool. I was out of the office for a while but I did look at the config and you should be fine. Most people don't realize that a port static only works for packets *sourced* from that port. So, trying to open a web browser on the mail server where you have a port static configured will not work because the packets from the mail server (in this case) are not *sourced* from port 25. You need to have a corresponding nat and global statement for the web browsing to work. Not sure how clear this is but your config is fine. I am guessing you may have been running into a known issue regarding statics and arp in the 6.3 code. Glad you got it fixed.
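The translation behaviour described in the reply above, as an added example that is not part of the original thread and not Cisco code: a simplified Python model of how an outbound packet is matched against a port static and a nat/global pair. The addresses, class and function names, and the fixed PAT source port are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

OUTSIDE_IP = "203.0.113.2"    # constructed: PIX outside interface address
MAIL_SERVER = "192.168.1.10"  # constructed: inside mail server
WORKSTATION = "192.168.1.50"  # constructed: ordinary inside host


@dataclass(frozen=True)
class PortStatic:
    """Models a port static: inside ip:port <-> outside ip:port."""
    proto: str
    real_ip: str
    real_port: int
    mapped_ip: str
    mapped_port: int


@dataclass(frozen=True)
class DynamicPat:
    """Models a nat/global pair: inside hosts share one outside address."""
    mapped_ip: str


def translate_outbound(proto: str, src_ip: str, src_port: int,
                       statics: List[PortStatic],
                       dynamic: Optional[DynamicPat],
                       next_port: int = 1024) -> Optional[Tuple[str, int]]:
    """Return the (ip, port) the packet leaves with, or None if untranslated."""
    for s in statics:
        # A port static matches only packets sourced from the real port.
        if (s.proto, s.real_ip, s.real_port) == (proto, src_ip, src_port):
            return (s.mapped_ip, s.mapped_port)
    if dynamic is not None:
        # Everything else falls through to dynamic PAT (port choice simplified).
        return (dynamic.mapped_ip, next_port)
    return None  # no translation can be built, so the packet is dropped


STATICS = [PortStatic("tcp", MAIL_SERVER, 25, OUTSIDE_IP, 25)]
DYNAMIC = DynamicPat(OUTSIDE_IP)

if __name__ == "__main__":
    # SMTP reply from the server: covered by the port static alone.
    print(translate_outbound("tcp", MAIL_SERVER, 25, STATICS, None))
    # Browser on the server (ephemeral source port): dropped without nat/global.
    print(translate_outbound("tcp", MAIL_SERVER, 49152, STATICS, None))
    # Same browser session once nat/global exists: dynamic PAT applies.
    print(translate_outbound("tcp", MAIL_SERVER, 49152, STATICS, DYNAMIC))
```
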