Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Outside hosts cannot access the server on DMZ of the PIX/ASA through static translation

Resolution

Complete these steps:

  1. Make sure the static command is entered correctly and that it does not overlap another static command.

    This is an example of overlapping static commands:

    static (inside,outside) 199.1.1.1 10.10.10.1
    static (dmz,outside) 199.1.1.1 172.16.1.1


  2. Make sure that an access list or conduit exists in order to permit access to the global IP address from the outside.

    These are examples of an access list and conduit :

    access-list inbound permit tcp any host 199.1.1.1 eq 80
      

    or

    conduit permit tcp host 199.1.1.1 eq 80 any

  3. Check for Address Resolution Protocol (ARP) conflicts if the server was moved from one side of the PIX to another, or if the global address is or was used by a different device. In order o see if there are conflicting ARP entries in the PIX, enter the show arp command. In order to clear the ARP table in the PIX, enter the clear arp command.

       


Refer to the Allowing Untrusted Hosts Access to Hosts on Your Trusted Network section of Using nat, global, static, conduit, and access-list Commands and Port Redirection(Forwarding) on PIX for more information and a configuration example.

Refer to PIX 7.0 and Adaptive Security Appliance Port Redirection(Forwarding) with nat, global, static, conduit, and access-list Commands for more information and a configuration example on the PIX/ASA version 7.x.

628
Views
0
Helpful
0
Comments