Re: pix os 7.0 (1) problem with static nat to claster

lanosys · ‎08-11-2005

I have a SMTP server on claster on inside interface of PIX and SMTP server in DMZ.

I need connect claster server with server in DMZ.

from my config

...

static (inside,dmz) 192.168.1.100 172.17.2.5 netmask 255.255.255.255

static (inside,dmz) 192.168.1.101 172.17.2.101 netmask 255.255.255.255

static (inside,dmz) 192.168.1.102 172.17.2.102 netmask 255.255.255.255

...

192.168.1.4 - ip addres of SMTP server in DMZ

172.17.2.5 - ip addres logical interface SMTP in inside

172.17.2.101 - ip addres phisical interface SMTP in inside

172.17.2.102 - ip addres phisical interface SMTP in inside

but

telnet from 192.168.1.4 to 172.17.2.5 25 don't work!

tel me please Why???

this config in pix os 6.3 work!

harishtandon23 · ‎08-15-2005

Hello Ianosys,

Please try to telnet from 192.168.1.4 to 192.168.1.100 25 instead..

As we are trying to telnet from the dmz server, and we need to telnet to the translated ipaddress of the inside server instead of the physical ip address of inside server.

If you have any questions, please feel free to contact me.

Thanks & Regards,

Harish Tandon

harishtandon23@gmail.com

lanosys · ‎08-15-2005

thank you for answer.

I mystaped.

telnet from 192.168.1.4 to 192.168.1.100 25 don't work

new info:

if a SMTP server in DMZ is not cluster and have 1 physical Ethernet interface - all work fine with my config. (I put test server instead cluster).

maybe packets blocking with any new antispoofing mechanism of PIX OS 7.0 ???