Re: Pix 501 ADSL w/ Static IPs

FermanTyler · ‎04-13-2005

I have searched the forum and couldn't fine a similar problem, so I am sure I must be missing something simple, hence my apologizes upfront! Here is my situation/ problem: I have an ADSL Bellsouth line with 5 Static IPs. It is connected via a Netopia 3347w [Bellsouth provided] which connects to the Pix 501 which connects to our LAN. I am trying to establish (NAT) one of the Static IP's [ex. 10.10.10.10] to a Web Server inside the LAN [ex. 192.168.10.10]. According to Bellsouth, I was instructed to set the Pix 501 to one of the other available Static IP's [ex. 10.10.10.9], and then setup the NAT in the Pix 501. But I still can not get access from the WAN [public] to the internal LAN Web Server. I can PING the Pix 501 from the WAN so I know that much is getting through, but not the assigned WAN address for the Web Server. I have checked the procedures for setting up the Pix 501 [static & access list], but I am obviously missing something. Any help and guidance is deeply appreciated.FT

mhussein · ‎04-13-2005

Hello,

Can you verify that the static translation is working (show xlat)? Is PIX proxy-arping for the server's outside ip (show arp)? Is the Netopia nat'ing to private ip addresses, or is it just routing?

It would be helpful if you could post the pix configs.

Regards,

Mustafa

Patrick Iseli · ‎04-14-2005

Here is a config example for anoter static IP for the HTTP server.

example:

# Permit Access to http from any (Internet)

access-list acl_out permit tcp any host YourPublicIP eq http

# NAT the publi to local IP

static (inside,outside) YourPublicIP LocalIP netmask 255.255.255.255 0 0

# Add access-list to interface

access-group acl_out in interface outside

# Reset the translation and ARP table, take care this will reset all connections.

clear xlate

clear arp

sincerely

Patrick