Cisco Support Community
New Member

Returns to client from different IP

I am having trouble understanding why outside UDP connections coming in on IP 1.2.3.4 go back out the PIX on 1.2.3.7.

My PIX has a /248 mask on the outside interface, so it has the range of, say, 1.2.3.4 to 1.2.3.10 exposed to the outside.

These are the commands dealing with the udp traffic:

access-list fromoutside permit udp any host 1.2.3.4 eq 5678

static (inside,outside) udp 1.2.3.4 5678 10.10.10.10 5678 netmask 255.255.255.255

Can anyone nudge me in the right direction?

2 REPLIES
New Member

Re: Returns to client from different IP

Is 1.2.3.7 your outside interface IP, or an IP used in a NAT? Try using a static NAT instead of a static PAT:

static (inside,outside) 1.2.3.4 10.10.10.10

New Member

Re: Returns to client from different IP

Yes, 1.2.3.7 is one of the IPs on the outside interface of the PIX. Unfortunately, I cannot use static NAT because once traffic passes the PIX and is in the DMZ, some of it (port 25) will go to the Microsoft firewall from there and some of it (the UDP ports) will go to a different firewall from there.

I don't understand my nat lines. They are:

global (outside) 1 interface

and

nat (inside) 1 0.0.0.0 0.0.0.0 0 0
