Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2217
Views
0
Helpful
18
Replies

Backup through PIX 501

Go to solution
sebastianvetter
Level 1
Level 1

‎05-27-2010 07:04 AM - edited ‎03-11-2019 10:51 AM

Hello,

i have a network splittet with a pix. The 192.168.111.0 at the outside interface of the PIX and the 192.168.110.0 at the inside interface.

From the inside interface everything to the extern (192.168.111.0 network) is allowed. But no access from 192.168.111.0 to 192.168.110.0 (internal interface of the PIX) is allowed.

Now i need to backup from network 192.168.111.0 servers who are locatet at the 192.168.110.0 network.

There is a way that the PIX allow the special Ports of the backup program and block rest of the traffic as it do at moment?

The Ports are:

TCP 10000 outgoing

TCP 1025 – 65536 outgoing                 

TCP 445 outgoing

UDP 135 send

Thanks

Labels:
67019-PIX Config.txt.zip
0 Helpful
18 Replies 18

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to sebastianvetter

‎06-03-2010 06:59 AM

Yes this command is correct.

static (inside,outside) 192.168.110.0 192.168.110.0 netmask 255.255.255.0

And it is called static Identity NAT.

You're matching 192.168.110.0/24 against a NAT rule that translates the network to itself.

This is done when you must match a NAT rule to be allowed to pass traffic, but you don't actually want to change the real IP address.

Federico.

0 Helpful

Go to solution
sebastianvetter
Level 1
Level 1
In response to Federico Coto Fajardo

‎06-07-2010 06:33 AM

Hi Federico,

if i apply your commands i can successfully acces the server at 192.168.110.0 subnet with the backup programm.

But i lose the connection from 192.168.110 subnet to 192.168.111.0.

The 192.168.110.0 subnet dont have any access to internet or other ressources at 192.168.111.0 subnet.

Only IP 192.168.111.100 works.

If i reset the PIX all worked fine. Try to set the commands second time the same issues occour.

I attached the config before the changes (Config1) and after the changes (Config2)

Any idea?

67494-Config1.txt.zip
0 Helpful

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to sebastianvetter

‎06-08-2010 06:04 AM

Sebastian,

I suggest that instead of this command:

static (inside,outside) 192.168.110.0 192.168.110.0

Just have the static with the correct ports

i.e

static (inside,outside) tcp 192.168.110.10 80 192.168.110.10 80

static (inside,outside) tcp 192.168.110.10 80 192.168.110.10 80

The above commands is to be able to acess server 192.168.110.10 on port 80 and port 3389.

The advantage of doing it like this is that the 192.168.110.x will still have internet access.

Federico.

0 Helpful

Go to solution
sebastianvetter
Level 1
Level 1
In response to Federico Coto Fajardo

‎06-21-2010 07:04 AM

Hi Federico,

works fine this way

Thanks for your help!

Sebastian

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card