Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
597
Views
0
Helpful
4
Replies

Static NAT doesn't works correctly

dgnaccar
Level 1
Level 1

‎10-15-2001 04:05 AM - edited ‎03-08-2019 08:52 PM

I have a problem with ths config:

global (outside) 1 194.94.76.58

nat (inside) 1 200.100.0.0 255.255.255.0 0 0

static (inside,outside) 194.94.76.60 200.100.0.1 netmask 255.255.255.255 0 0

static (inside,outside) 194.94.76.62 200.100.0.4 netmask 255.255.255.255 0 0

static (inside,outside) 194.94.76.61 200.100.0.3 netmask 255.255.255.255 0 0

conduit permit tcp host 194.94.76.60 eq smtp any

conduit permit tcp host 194.94.76.60 eq www any

conduit permit tcp host 194.94.76.60 eq 2080 any

conduit permit tcp host 194.94.76.61 eq 1604 any

conduit permit tcp host 194.94.76.60 eq 3270 any

conduit permit tcp host 194.94.76.60 eq 3443 any

conduit permit tcp host 194.94.76.60 eq 4270 any

conduit permit tcp host 194.94.76.61 eq 1494 any

conduit permit tcp host 194.94.76.61 eq www any

conduit permit tcp host 194.94.76.62 eq www any

conduit permit tcp host 194.94.76.62 eq 5631 any

conduit permit udp host 194.94.76.62 eq 5632 any

conduit permit tcp host 194.94.76.62 eq 443 any

The second static (static (inside,outside) 194.94.76.62 200.100.0.4 netmask 255.255.255.255 0 0

) statement does not work. We tried clear xlate, clear arp but didn't work. Could be a NIC problem?

Any idea?

Labels:
0 Helpful
4 Replies 4

rrbleeker
Level 1
Level 1

‎10-15-2001 02:16 PM

The configuration entries look fine. I would check the server (200.100.0.4) for configuration errors (IP address, mask, default gateway, etc) or connectivity issues. Succes

0 Helpful

jose.calvillo
Level 1
Level 1

‎10-15-2001 03:16 PM

I have seen issues in the past wherein the PIX has had major issues when trying to handle classless IP's. Your internal IP addresses have the 3rd octet as 0, thus classless.

Unfortunately I've never found a work around (other then re-ip'ing so the PIX doesn't have to use the classless IP's.)

0 Helpful

johan.blom
Level 1
Level 1

‎10-16-2001 03:02 AM

I have almost the same problem after I changed IP, no static lines would work and I checked the config serveral times I also had other people checking it with no luck :(

0 Helpful

dgnaccar
Level 1
Level 1

‎10-16-2001 05:39 AM

It was a router arp cache problem. We have reset the router and the PIX accordingly and the problem magicly gone away. Thanks to everyone for your contributions.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents