07-10-2007 07:08 AM - edited 03-11-2019 03:42 AM
I upgraded a PIX 515 from 6.3 to 7.22 and after the upgrade static NAT fails for the NAT translations using the same IP as the outside interface. I see the connection being dropped before it hits my outside access-list with PIX7-2-710002 tcp drop ip to ip? Worked fine in 6.3 Im sure its just a simple command that needs to be added.
Any ideas ?
07-10-2007 07:12 AM
What do the statics look like? Are you using the keyword "interface" instead of the ip address?
static (inside,outside) tcp interface smtp 192.168.1.1 smtp netmask 255.255.255.255
07-10-2007 07:21 AM
After the upgrade it looks like this:
interface Ethernet0/0
nameif outside
security-level 0
ip address 203.xxx.xxx.14 255.255.255.252
nat-control
global (outside) 1 interface
nat (inside) 0 access-list NoNAT
nat (inside) 1 192.168.1.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 203.xxx.xxx.14 smtp 192.168.1.51 smtp netmask 255.255.255.255
so my static point's to IP is this a problem in 7.x
07-10-2007 01:15 PM
Before upgrade:
static (inside,outside) tcp 203.xxx.xxx.14 smtp 192.168.1.51 smtp netmask 255.255.255.255
being 203.xxx.xxx.14 outside IP address
After upgrade it should looks like this...
static (inside,outside) tcp interface smtp 192.168.1.51 smtp netmask 255.255.255.255
Try it
07-10-2007 06:21 PM
Yes, as I wrote before you want to replace "203.xxx.xxx.xxx.14" with the keyword "interface. That should do the trick.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide