Firewall Wizards mailing list archives

Re: PIX501 PAT and Static NAT problems


From: Dave Rinker <firewall () dsrtech com>
Date: 02 Jun 2003 06:54:29 -0400



Arj,

Since you're using the "interface" command, I'm assuming you only have one
IP. (???)

Use the following static commands and don't forget to match them with
ACL permits to the OUTSIDE interface IP inbound.


static (inside,outside) tcp interface www 172.16.0.13 www netmask 255.255.255.255 0 0

access-list 101 permit tcp any host <outside int ip> eq www
access-group 101 in interface outside

Hope that helps.

Dave




On Sun, 2003-06-01 at 17:36, Aidan O'Rawe wrote:
Hi,

I'm having a bit of trouble with a PIX501, I have issued the following
commands to allow all the internal users to connect through the PIX to the
outside:

nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

Everything works fine until I add a static for an internal web server, then
all internal users can't get to the outside of the PIX anymore.  I
configured this with the following commands:

static (inside,outside) <External IP> 192.168.1.2 0 8
conduit permit tcp host <External IP> eq 80 any

Does anyone know the right way to go about configuring this properly?

TIA

Arj.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
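
Added example, not part of either post and not Cisco tooling: a small Python check for the two things this thread turns on, a one-to-one static that claims the address `global (outside) 1 interface` uses for PAT, and a port-redirect static with no matching permit bound to the outside interface. It assumes a single outside address, as Dave's reply does; `192.0.2.10` is a constructed stand-in for that address, and only the simple command forms quoted in the thread are recognised.

```python
import re

PORTS = {"www": "80"}  # the PIX writes port 80 as "www"; extend as needed
OUTSIDE_IP = "192.0.2.10"  # constructed stand-in for <outside int ip>

# Constructed configs: the thread's commands with the stand-in address filled in.
BEFORE = """nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
static (inside,outside) 192.0.2.10 192.168.1.2 0 8
conduit permit tcp host 192.0.2.10 eq 80 any"""
AFTER = """nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
static (inside,outside) tcp interface www 172.16.0.13 www netmask 255.255.255.255 0 0
access-list 101 permit tcp any host 192.0.2.10 eq www
access-group 101 in interface outside"""

def audit(config, outside_ip):
    """Return a list of findings; outside_ip is the single outside interface address."""
    lines = [" ".join(l.split()) for l in config.splitlines() if l.strip()]
    pat = any(re.fullmatch(r"global \(outside\) \d+ interface", l) for l in lines)
    # ACL ids that are actually bound inbound on the outside interface
    bound = {m.group(1) for l in lines
             if (m := re.fullmatch(r"access-group (\S+) in interface outside", l))}
    permitted = set()  # (protocol, port) permitted to outside_ip by a bound ACL
    for l in lines:
        m = re.fullmatch(r"access-list (\S+) permit (tcp|udp) any host (\S+) eq (\S+)", l)
        if m and m.group(1) in bound and m.group(3) == outside_ip:
            permitted.add((m.group(2), PORTS.get(m.group(4), m.group(4))))
    findings = []
    for l in lines:
        # Port redirection: static (inside,outside) tcp interface <port> <local ip> <port>
        m = re.match(r"static \(inside,outside\) (tcp|udp) \S+ (\S+) \S+ \S+", l)
        if m:
            key = (m.group(1), PORTS.get(m.group(2), m.group(2)))
            if key not in permitted:
                findings.append(f"no bound permit for {key[0]}/{key[1]}: {l}")
            continue
        # One-to-one static: static (inside,outside) <global ip> <local ip>
        m = re.match(r"static \(inside,outside\) (\S+) \S+", l)
        if m and pat and m.group(1) in (outside_ip, "interface"):
            findings.append(f"one-to-one static takes the PAT address: {l}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(cfg, OUTSIDE_IP) or "ok")
```

A misspelled port name in the ACL, or an ACL that is never attached with `access-group`, shows up as a missing permit.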
