05-27-2004 02:02 PM - edited 02-20-2020 11:25 PM
OK, I am trying to add another static NAT mapping. Prior to today, we have been using PAT for all our internal addresses, except for 1 mail server that is statically mapped to 1 public address (different, of course, than the PAT public address). Now I want to add a second static NAT entry for a web server. However, the command that I put in, which is exactly like the mail server's, doesn't work.
I tried a number of troubleshooting steps, including adding a permit access-list on the internal router to see if the translation was working, but the end device was not responding (not the case). I also have checked and double-checked the access-lists; the same access-list that allows access to the mail server allows access to the web server.
In frustration, I tried changing the existing static command for the mail server to point to the internal address of the web server. This is where it got weird. The translation worked, but still translated to the mail server's address. I went so far as to completely remove the static command, and the mail server is still receiving mail and working fine. I'm stumped. Do I need to apply changes in some way? There is nothing else in the configuration that could possibly translate this address.
Any help would be appreciated.
Chris
05-27-2004 05:33 PM
clear xlate wipes clean the connection translate table. You generally need to issue it whenever you make a change to static, global and/or nat commands.
Since it wipes the table, it breaks all connections going through the PIX when you issue it, so you might want to do it off hours.
05-27-2004 05:35 PM
Did you try the clear xlate command after you entered the new static? Is it different from that mail static IP and IP being used for PAT? I.e., do you now have a 3rd IP address that can be used for a static? You can't have 2 different statics with the same external going to different internals.
You might try doing the following:
clear xlate (this will clear your old stuff)
static (inside,outside) external ip internal ip netmask 255.255.255.255 0 0
static (inside,outside) external #2 internal #2 netmask 255.255.255.255 0 0
clear xlate
Let me know if this works. If not, post your config.
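The rule in the reply above, that two statics cannot share one external address, and the question of whether the static address differs from the PAT address can both be checked offline against a saved config. This is an added example, not part of the thread: the sample config, its addresses and the function name `find_static_conflicts` are constructed for illustration, and it handles only the one-to-one host `static` form shown above.

```python
import re
from collections import defaultdict

# Constructed sample config (documentation addresses, not from the thread).
SAMPLE_CONFIG = """\
global (outside) 1 203.0.113.2
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.10 192.168.1.20 netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.2 192.168.1.30 netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.12 192.168.1.40 netmask 255.255.255.255 0 0
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# One-to-one host static: static (inside_if,outside_if) external internal netmask /32
STATIC_RE = re.compile(rf"^static \((\w+),(\w+)\) {IP} {IP} netmask 255\.255\.255\.255\b")
# Single-address global used for PAT; address ranges (a-b) are deliberately skipped.
GLOBAL_RE = re.compile(rf"^global \((\w+)\) \d+ {IP}(?:\s+netmask \S+)?\s*$")

def find_static_conflicts(config: str) -> list[str]:
    """Return findings for one-to-one statics that reuse an external address."""
    statics = defaultdict(set)   # (outside_if, external_ip) -> {internal_ip, ...}
    pat = set()                  # (outside_if, pat_ip)
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            _inside, outside, external, internal = m.groups()
            statics[(outside, external)].add(internal)
        elif m := GLOBAL_RE.match(line):
            pat.add(m.groups())
    findings = []
    for (iface, external), internals in sorted(statics.items()):
        if len(internals) > 1:
            findings.append(
                f"{external} on {iface}: static to multiple internals {sorted(internals)}")
        if (iface, external) in pat:
            findings.append(f"{external} on {iface}: static reuses the PAT global address")
    return findings

if __name__ == "__main__":
    for finding in find_static_conflicts(SAMPLE_CONFIG):
        print(finding)
```

A clean result only means the statics do not collide on paper; stale entries in the translation table still need clear xlate after the change, as the replies say.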
05-28-2004 05:43 AM
clear xlate was exactly the thing that I needed. I thank you, sir (or ma'am, as the case may be).
And, yes, I am using a third, unique address for the web server, different from the mail and PAT addresses.