Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
688
Views
0
Helpful
6
Replies

Static commands

joey
Level 1
Level 1

‎08-21-2006 11:28 PM - edited ‎03-09-2019 03:58 PM

The host with ip address 172.17.2.1 can not connect to the internet nor can I connect to it remotely using PCAnywhere. If the host uses any other ip address on the inside network that is not statically assigned it can get to the internet with no problem.

Please see the configuration file for the PIX.

Labels:
Preview file
12 KB
0 Helpful
6 Replies 6

m.sir
Level 7
Level 7

‎08-22-2006 12:41 AM

IP address 172.17.2.1 is IP of PIX inside interface you cannot address with this IP server on inside network.. You can access to PC remotely because you are on same subnet so gefautl gateway has no role in this issue... Please DONT USE IP of PIX interface for host on inside network.......

BTW show full running configuration on public forum is something NON ACCEPTABLE from security point of view...

0 Helpful

vijayasankar
Level 4
Level 4

‎08-22-2006 12:42 AM

Hi,

I just had a quick look at your config.

The ip address 172.17.2.1 is assigned for the pix inside interface. Hence you cannot use this for any host in the inside network.

Kindly clarify whether the ip that you have mentioned is the correct one with which you were experience problems.

-VJ

0 Helpful

joey
Level 1
Level 1
In response to vijayasankar

‎08-22-2006 07:47 AM

Oh sorry guys, the ip address of the host that is having the problem is 172.17.2.25.

0 Helpful

jmia
Level 7
Level 7

‎08-22-2006 12:44 AM

TO THE MODIRATOR - CAN YOU PLEASE TAKE OUT THE CONFIGURATION POSTED.

TO: joey@jc-consulting.com

YOU SHOULD NEVER POST 'LIVE' CONFIG ON A PUBLIC FORUM FOR OBVIOUS REASONS!!!

Jay

0 Helpful

fausto-oliveira
Level 1
Level 1

‎08-23-2006 08:09 AM

Did you issued a clear XLATE after you configured the Static ?

when you do a : debug packet outside 193.219.222.243

do you see any output ?

PS - By the way I think you should use access-list instead of conduit it is more secure and allows you to have a fine grain aproach to network security.

PS2 - I agree with our fellow coleagues you shouldn't post the complete configuration and e-mail conversation regarding anything related to your security, always obscure any IP's, ACL content, users and password. If need replace the real IP addresses by fictional ones.

0 Helpful

joey
Level 1
Level 1
In response to fausto-oliveira

‎08-23-2006 10:46 AM

Thanks, I did issue a clear xlate. I will try to use debug and see if I see any output. How can I remove the config file?

0 Helpful
Customers Also Viewed These Support Documents