04-09-2015 02:27 AM - edited 03-11-2019 10:45 PM
Hello People
When I accepted a new assignment I had no idea these guys still housed a Cisco PIX 6.3(5), which I haven't played with for years.
All I'm trying to do is mimic the existing configuration, albeit changing the IP address.
The request is simple but I'm not having any joy from the end client, who can't connect.
Create a NAT between 172.16.48.X and 194.78.166.82 in the Belgium PIX.
Open the ports 80 and 443.
The connections will be accepted ONLY from the following IPs:
- aa.bb.cc.195 (client X)
- aa.bb.cc.184 (client Y)
Have only the Client X and Y connect to the IP 172.16.48.X which is Natted to 194.78.166.82
I created the NAT as per below
static (inside,outside) 194.78.166.82 172.16.48.50 netmask 255.255.255.255 0 0
and permitted ACLs for Client X and Y
access-list Outside_access_in permit tcp host aa.bb.cc.195 host 172.16.48.50 eq www
access-list Outside_access_in permit tcp host aa.bb.cc.195 host 172.16.48.50 eq https
access-list Outside_access_in permit tcp host aa.bb.cc.184 host 172.16.48.50 eq www
access-list Outside_access_in permit tcp host aa.bb.cc.184 host 172.16.48.50 eq https
I have a default route on the PIX for
outside 0.0.0.0 0.0.0.0 81.246.53.xx 1 OTHER static
I have simply copied existing configurations but I'm getting no joy from the remote client. Do I need anything else to configure? PLEASE HELP ME
04-09-2015 04:50 AM
Have only the Client X and Y connect to the IP 172.16.48.X which is Natted to 194.78.166.82
Do you mean the above, or do you mean the clients are meant to connect to 194.78.166.82 and then that is translated to 172.16.48.50?
I ask because your static is from inside to outside and your ACL is applied to the outside interface, so I assume you mean the clients connect from outside and you translate the IP to 172.16.48.x, which is on the inside?
If so, your ACL is wrong.
You need to use the public IP in the ACL, not the private IP of the server.
If I have misunderstood please clarify.
Jon
04-09-2015 06:00 AM
Hi Jon Marshall
Thanks for your input and yes you are correct. I had to change the ACL to use the public IP instead of the private, that has got me a few times with NAT on different platforms but really appreciate your input.
Thanks
AV
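The mistake resolved in this thread can be caught mechanically. The following is an added example, not code from any poster: a small check that finds inbound ACL entries naming a server's private (real) address where PIX 6.3 expects the public (mapped) address from the matching `static`, and prints the corrected entry. The function name `lint_inbound_acls` and the `access-group` line in the sample are assumptions, since the thread does not show how the ACL is bound to the interface.

```python
import re

# Constructed sample: the static and ACL lines are the ones posted above
# (client addresses masked as on the page). The access-group line is an
# assumption; the thread does not show it.
SAMPLE_CONFIG = """\
static (inside,outside) 194.78.166.82 172.16.48.50 netmask 255.255.255.255 0 0
access-list Outside_access_in permit tcp host aa.bb.cc.195 host 172.16.48.50 eq www
access-list Outside_access_in permit tcp host aa.bb.cc.195 host 172.16.48.50 eq https
access-list Outside_access_in permit tcp host aa.bb.cc.184 host 172.16.48.50 eq www
access-list Outside_access_in permit tcp host aa.bb.cc.184 host 172.16.48.50 eq https
access-group Outside_access_in in interface outside
"""

STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")
ACL_RE = re.compile(r"^access-list (\S+) (?:permit|deny) \S+ (.+)$")


def lint_inbound_acls(config):
    """Return (original, corrected) pairs for ACL entries that use a
    server's real address where the mapped address is required."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    real_to_mapped = {}  # (mapped interface, real IP) -> mapped IP
    bound = {}           # ACL name -> interface it filters inbound
    for line in lines:
        if m := STATIC_RE.match(line):
            _real_if, mapped_if, mapped_ip, real_ip = m.groups()
            real_to_mapped[(mapped_if, real_ip)] = mapped_ip
        elif m := GROUP_RE.match(line):
            bound[m.group(1)] = m.group(2)
    findings = []
    for line in lines:
        m = ACL_RE.match(line)
        if not m or m.group(1) not in bound:
            continue
        # Simplification: the last "host <ip>" is taken as the destination.
        hosts = re.findall(r"host (\S+)", m.group(2))
        key = (bound[m.group(1)], hosts[-1]) if hosts else None
        if key in real_to_mapped:
            head, _, tail = line.rpartition("host " + hosts[-1])
            findings.append((line, head + "host " + real_to_mapped[key] + tail))
    return findings


if __name__ == "__main__":
    for original, corrected in lint_inbound_acls(SAMPLE_CONFIG):
        print("WRONG:", original, "\nFIXED:", corrected)
```

On ASA 8.3 and later the rule is reversed and interface ACLs reference the real address, so this check applies only to PIX 6.3-style configurations.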