topic Re: PAT with PIX in Network Security

PAT with PIX

admin_2 — Fri, 21 Feb 2020 07:19:48 GMT

Hi,

Currently we have a small DMZ running it's own IP range and the addresses are running out. To overcome this problem we are moving to using PAT with the outside interface IP. The end goal is to provide services spread out over three servers in the DMZ by using 1 IP address.

I have started with the port for mail but I cannot get it to work.

The book tells me to add the following line

static (inside,outside) tcp ip_outside 25 ip_dmz 25 netmask 255.255.255.255 0 0

When I add this line using the CLI it shows up the GUI. But a connection to the ip_outside:25 gives me nothing.

No luck even when I make a rule allowing traffic to the ip_dmz:25 from ANY OUTSIDE source.

What am I missing?

Re: PAT with PIX

mostiguy — Tue, 06 Apr 2004 10:37:43 GMT

you still need to open the port in the access list bound to the outside interface,

Re: PAT with PIX

Tue, 06 Apr 2004 11:42:02 GMT

Thanks for the answer. So you saying that besides the static mapping you need to create a rule allowing traffic from ANY OUTSIDE source to the IP ADDRESS of the server. I cannot make a rule allowing ANY SOURCE on the outside to the IP address of the OUTSIDE interface, but I can to the IP of the server in the DMZ. But no luck yet. I will try again and let you know.

Re: PAT with PIX

mostiguy — Tue, 06 Apr 2004 13:07:48 GMT

you need to allow from any to the port of the service on the ip that you are using.

Re: PAT with PIX

Tue, 06 Apr 2004 13:55:45 GMT

I am using the IP address of the external interface of the PIX to connect to from the Internet. A rule allowing ANY from OUTSIDE to the IP of the OUTSIDE interface for this port is not allowed. When creating a rule allowing traffic from ANY source on the Internet to the IP I am using on the DMZ, a 10.5.x.x address. This rule still does not give me a connection.