03-09-2004 04:02 AM - edited 02-20-2020 11:16 PM
Hi,
I am having problems with configuration of a Pix 501. This is the first time that I have set up one, and I can't get inward NAT to work. Here is a copy of my configuration:
The problem is that if I try to open an HTTP session to 193.x.x.67 from an external source, I don't get any response. The internal server (192.168.1.200) does not get to the internet, but all other internal PCs do.
Any help would be greatly appreciated!
Brgds,
Matthew Reed
PIX Version 6.3(1)
interface ethernet0 10baset
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxx
passwd xxxx
hostname test
domain-name test.com
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list acl_in permit icmp any any
access-list acl_out permit icmp any any
access-list acl_out permit tcp any host 193.100.10.67 eq www
access-list acl_out permit tcp any host 193.100.10.67 eq pop3
access-list acl_out permit tcp any host 193.100.10.67 eq smtp
access-list outside_access_in permit tcp any eq www host 193.100.10.67
access-list outside_access_in permit tcp any eq smtp host 193.100.10.67
access-list outside_access_in permit tcp any eq pop3 host 193.100.10.67
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 193.x.x.x 255.255.255.0
ip address inside 192.168.1.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.1.200 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 600
global (outside) 1 x.x.x.67 - 193.100.10.69 netmask 255.255.255.0
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 193.100.10.67 192.168.1.200 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
rip inside passive version 1
rip inside default version 1
route outside 0.0.0.0 0.0.0.0 193.100.10.65 1
timeout xlate 0:05:00
03-09-2004 04:46 AM
Hi, Matthew.
You have a somewhat complex configuration. As I understand it, you would like to statically translate 192.168.1.200, so that the internal host is seen from outside as 193.100.10.67...
You should only add two commands to complete this:
static (inside,outside) 193.100.10.67 192.168.1.200 netmask 255.255.255.255 0 0
and
access-list outside_access_in permit tcp any eq www host 193.100.10.67
You don't need to use the
global (outside) 1 193.100.10.67 - 193.100.10.69 netmask 255.255.255.0
command. Another issue is very important: you should provide correct default gateway information for host 192.168.1.200...
Regards,
Dmitri
03-09-2004 08:45 AM
Here are the only two commands that you should need.
static (inside,outside) 193.100.10.67 192.168.1.200 netmask 255.255.255.255 0 0
access-list outside_access_in permit tcp any host 193.100.10.67 eq www
Also, you should issue a 'clear xlate'.
Hope this helps.
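The ACL line in the original configuration and the one in the last reply differ in where `eq www` sits: after the source it matches the source port, after the destination it matches the destination port. The check below is an added example, not code from any poster in the thread. It lints a PIX 6.x style configuration for that pattern, for access lists never bound with `access-group`, and for a `static` address that falls inside a `global` pool. The sample lines are constructed from the thread, and the rule names and the `lint` function are hypothetical.

```python
import ipaddress
import re

# Constructed sample: lines from the configuration posted in the thread.
SAMPLE = """\
access-list acl_out permit tcp any host 193.100.10.67 eq www
access-list outside_access_in permit tcp any eq www host 193.100.10.67
access-list outside_access_in permit tcp any eq smtp host 193.100.10.67
global (outside) 1 193.100.10.67 - 193.100.10.69 netmask 255.255.255.0
static (inside,outside) 193.100.10.67 192.168.1.200 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
"""
RANGE = re.compile(r"(\d+(?:\.\d+){3})\s*-\s*(\d+(?:\.\d+){3})")

def take_addr(tok):
    """Consume one address spec: 'any', 'host A' or 'A MASK'."""
    n = 1 if tok[:1] == ["any"] else 2
    return " ".join(tok[:n]), tok[n:]

def take_port(tok):
    """Consume an optional port operator that follows an address spec."""
    n = {"eq": 2, "lt": 2, "gt": 2, "neq": 2, "range": 3}.get(tok[0] if tok else "", 0)
    return " ".join(tok[:n]) or None, tok[n:]

def lint(config):
    """Return (rule, subject) findings for a PIX 6.x style configuration."""
    findings, names, bound, pools, statics = [], set(), set(), [], []
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and len(t) > 3:
            names.add(t[1])
            if t[2] == "permit" and t[3] in ("tcp", "udp"):
                _, rest = take_addr(t[4:])
                sport, rest = take_port(rest)
                _, rest = take_addr(rest)
                dport, _ = take_port(rest)
                if sport and not dport:  # filters on the client's source port
                    findings.append(("source-port-match", line))
        elif t[:1] == ["access-group"] and len(t) > 1:
            bound.add(t[1])
        elif t[:1] == ["global"] and RANGE.search(line):
            pools.append([ipaddress.ip_address(a) for a in RANGE.search(line).groups()])
        elif t[:1] == ["static"] and len(t) > 2:  # assumes "(inside,outside)" has no space
            statics.append(ipaddress.ip_address(t[2]))
    findings += [("unbound-acl", n) for n in sorted(names - bound)]
    findings += [("static-in-global-pool", str(s))
                 for s in statics for lo, hi in pools if lo <= s <= hi]
    return findings

if __name__ == "__main__":
    for rule, subject in lint(SAMPLE):
        print(f"{rule}: {subject}")
```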