Firewall Wizards mailing list archives
RE: No connection once the translation rules are applied
From: "Melson, Paul" <PMelson () sequoianet com>
Date: Thu, 11 Dec 2003 09:26:59 -0500
Any time you change NAT rules on a PIX, your first troubleshooting step should always be to run 'clear xlate'.

If the IP address doesn't change, why perform static NAT for it? Instead of the static, try:

    nat (outside) 0 192.168.1.10 255.255.255.255

With other types of connections, you might be able to perform static PAT via the outside interface, but I'm not sure that the PIX supports GRE in that configuration.

Also, it looks like you're missing a source 'any' in the permit tcp rule below.

Good luck!

PaulM

-----Original Message-----

I have a 501 v. 6.3(1). I am attempting to establish a PPTP VPN server (192.168.1.10) behind the firewall. I lose Internet connectivity once I apply the translation rules. I do not have an electronic copy available, but here is a quick synopsis of the pertinent entries.

    fixup protocol pptp 1723
    access-list outside_access_in permit gre any host 192.168.1.10
    access-list outside_access_in permit tcp eq pptp host 192.168.1.10 eq pptp
    access-list outside_access_in permit icmp any any echo-reply
    ip address outside xxx.xxx.xxx.xxx 255.255.255.0
    ip address inside 192.168.1.1 255.255.255.0
    nat (inside) 1 0.0.0.0 0.0.0.0 0
    static (inside,outside) 192.168.1.10 192.168.1.10 netmask 255.255.255.255 0 0
    access-group outside_access_in in interface outside

What am I missing here?
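Added example (not part of either message): a small Python lint for the two points the reply raises, run over the configuration lines quoted in the original message. The function names and finding strings are made up for this illustration, and the parser only understands the address forms `any`, `host A.B.C.D` and `A.B.C.D MASK`.

```python
# Illustrative lint for PIX 6.x config lines; names and messages are hypothetical.
PORT_OPERATORS = {"eq", "lt", "gt", "neq", "range"}

def take_address(tok, i):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D MASK' at tok[i].
    Return the index of the next token, or None if no address starts here."""
    if i < len(tok) and tok[i] == "any":
        return i + 1
    if i + 1 < len(tok) and tok[i] == "host":
        return i + 2
    if i + 1 < len(tok) and tok[i][0].isdigit() and tok[i + 1][0].isdigit():
        return i + 2
    return None

def skip_port(tok, i):
    """Skip an optional port qualifier such as 'eq pptp' or 'range 1 2'."""
    if i < len(tok) and tok[i] in PORT_OPERATORS:
        return i + (3 if tok[i] == "range" else 2)
    return i

def lint_line(line):
    """Return the findings for one configuration line (empty list if none)."""
    tok = line.split()
    if len(tok) >= 4 and tok[0] == "access-list" and tok[2] in ("permit", "deny"):
        src_end = take_address(tok, 4)          # tok[3] is the protocol
        if src_end is None:
            return ["access-list: no source address after protocol"]
        if take_address(tok, skip_port(tok, src_end)) is None:
            return ["access-list: no destination address"]
    elif len(tok) >= 4 and tok[0] == "static" and tok[2] == tok[3]:
        return ["static: address translated to itself"]
    return []

def lint_config(text):
    """Return (line_number, finding) pairs for a block of configuration."""
    return [(n, f) for n, line in enumerate(text.splitlines(), 1)
            for f in lint_line(line)]

# Configuration lines as quoted in the original message.
SAMPLE = """\
fixup protocol pptp 1723
access-list outside_access_in permit gre any host 192.168.1.10
access-list outside_access_in permit tcp eq pptp host 192.168.1.10 eq pptp
access-list outside_access_in permit icmp any any echo-reply
nat (inside) 1 0.0.0.0 0.0.0.0 0
static (inside,outside) 192.168.1.10 192.168.1.10 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
"""

if __name__ == "__main__":
    for number, finding in lint_config(SAMPLE):
        print(f"line {number}: {finding}")
```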