
External access config with PPPoE and Dynamic IP on outside interface

rlacroix
Level 1

I am looking for some help with configuring a PIX 515 (6.3(1)) to allow any traffic on the outside interface (Internet) to access an FTP server on the inside interface. I have tried everything but can not seem to make this work.

Here is the setup:

- Outside interface (E0) is DSL using PPPoE and a dynamic IP assigned by the ISP and is configured using PAT on the PIX (which appears to be the only way to do this when you only have 1 IP address (no IP POOL)).

- Inside interface (E1) is 192.168.1.1 netmask 255.255.255.0

- Inside network is 192.168.1.0 netmask 255.255.255.0

- E1 is connected to a Cisco 2950 switch and has other computers connected to it.

- The FTP server IP is 192.168.1.11 netmask 255.255.255.0

- Since I have cleared the PIX, there are currently no access or translation rules in place other than the PIX defaults. If I try to create translations to the outside interface, PDM reports that it can not do so to the outside interface and since I only have 1 outside IP address, I can not create an address pool for NAT.

I am open to suggestions / help from anyone on this. I am sure that it is possible but I just can not seem to make it work.

Thanks in advance.

Richard

3 Replies

mmeditz
Level 1

Hi Richard,

PDM doesn't support all the features of the CLI and this may be an example. It sounds like you want to do port redirection and this document will be helpful in describing how to configure it using the CLI.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml

Keep in mind that when you configure the Port Redirection w/ the static command, that you'll also need to permit the FTP traffic through the PIX w/ an ACL applied inbound on the Outside Interface.

C-ya,

Mike

Thanks Mike,

I will give that a shot. I was kind of thinking along the same lines that the PDM does not support the full feature set of CLI.

I will let you know how it works out when I have a minute to test this later this week or next week.

Richard

Hello Mike,

Still no joy on this issue. Here are the commands that I issued.

access-list 101 permit tcp any interface outside eq ftp

static (inside, outside) tcp interface ftp 192.168.1.11 ftp netmask 255.255.255.255 0 0

access-group 101 in interface outside

This resulted in a "connection refused" for inbound and locked out all outbound connections from the other inside users.

Richard
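
Added example, not part of the thread and not Cisco code: a small Python check for the pairing Mike describes, that every `static` port redirection on an interface has a matching permit in the ACL bound inbound on that interface, and that no permit is left open without a redirect behind it. It assumes PIX 6.x syntax as posted above, only understands permits of the form `any interface <if> eq <port>`, and compares port names literally (`ftp` and `21` are not normalized); the function name `audit` and the sample are constructed for illustration.

```python
import re

# Constructed sample: the three commands as posted in the thread.
SAMPLE = """\
access-list 101 permit tcp any interface outside eq ftp
static (inside, outside) tcp interface ftp 192.168.1.11 ftp netmask 255.255.255.255 0 0
access-group 101 in interface outside
"""

STATIC_RE = re.compile(
    r"^static\s*\(\s*(\w+)\s*,\s*(\w+)\s*\)\s+(tcp|udp)\s+interface\s+(\S+)\s+(\S+)\s+(\S+)")
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+(tcp|udp)\s+any\s+interface\s+(\w+)\s+eq\s+(\S+)")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\w+)")


def audit(config):
    """Return (redirects, findings) for interface port redirections in a PIX config."""
    statics, permits, bound = [], set(), {}
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            real_if, mapped_if, proto, port, host, host_port = m.groups()
            statics.append((mapped_if, proto, port, host, host_port))
        elif m := ACL_RE.match(line):
            acl, proto, ifname, port = m.groups()
            permits.add((acl, ifname, proto, port))
        elif m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)  # interface -> ACL applied inbound
    findings = []
    # Each redirect needs a permit in the ACL that is actually bound to its interface.
    for mapped_if, proto, port, host, host_port in statics:
        acl = bound.get(mapped_if)
        if acl is None:
            findings.append(f"{proto}/{port}: no access-group bound inbound on {mapped_if}")
        elif (acl, mapped_if, proto, port) not in permits:
            findings.append(f"{proto}/{port}: access-list {acl} has no matching permit")
    # Permits in a bound ACL with no redirect behind them are stale exposure.
    exposed = {(i, p, port) for (a, i, p, port) in permits if bound.get(i) == a}
    for ifname, proto, port in sorted(exposed - {(s[0], s[1], s[2]) for s in statics}):
        findings.append(f"{proto}/{port}: permitted on {ifname} but no static redirects it")
    return statics, findings
```

An empty findings list only means the redirect and the ACL agree with each other; it does not test reachability of the FTP server or the outbound NAT configuration.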