Multiple Statics same IP (also question on SNMP)

agoodwin
Level 1

Hi all,

Can anyone give me some advice on the following please.

If I have: server -> PIX -> router

and I want to allow SNMP from the router back to the server, I believe I need to create a static from the IP of the router to the IP of the server?

ie:

static (inside,outside) "Router IP" "IP of Server" netmask 255.255.255.255 0 0

then

conduit permit udp host "Server IP" eq snmp host "Router IP"

conduit permit udp host "Server IP" eq snmptrap host "Router IP"

If this is correct, am I also able to create another static using the server's IP address for incoming SMTP traffic, using another address?

If I've forgotten anything important, please say.

Thanks for your time

Andy

2 Replies

sampathsr
Level 1

1. You should not translate the Router IP address to the server's address. This is definitely not going to work, as the server's translated address has to be unique and cannot be the same as that of the Router IP address (I am assuming that by router IP address you are referring to the Ethernet interface of the router).

2. SMTP: You have to statically translate the server's IP address to the corresponding MX entry of the SMTP server and then write conduit statements to allow port 25.

3. I have never done this but this is my 2 cents on the snmp:

From the IP perspective, both IP domains (the internal side of the router is in the same IP domain as the external side of the firewall) are known to the firewall. Hence just add the conduit statements - it should work fine.

Best Regards / Sampath

SampathSR@yahoo.com

New York, NY.

mhussein
Level 4

Yes, your setup should work, but the static command should be as follows:

static (inside,outside) "Server global ip" "IP of Server" netmask 255.255.255.255 0 0

where "server global ip" is an IP address of your choice that will reside in the "outside" network/subnet (the IP address will be created automatically by the PIX outside interface and will have the same MAC address). If the PIX outside interface and the router are on the same network/subnet, then the global IP address should be in the same subnet as well. If, however, the router is on a remote subnet/network, you need to add a static route to it in the PIX.

As for the conduits, use the "server global ip" instead of the "Server IP (local)".

Regards,

Mustafa
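As an added example (not code from this thread), the helper below applies the advice in both replies: it checks that the chosen global address lies inside the PIX outside subnet and does not collide with the router or the PIX outside interface, then emits the static and the conduit lines with the global IP (not the local server IP) as the conduit's first host. All addresses and service names are constructed for the example.

```python
import ipaddress

# Service -> protocol, as accepted by the PIX conduit "eq <name>" form
SERVICES = {"snmp": "udp", "snmptrap": "udp", "smtp": "tcp"}

def check_global_ip(global_ip, outside_subnet, reserved):
    """Return a list of problems with a proposed global (translated) address.

    outside_subnet: network of the PIX outside interface, e.g. "192.0.2.0/24"
    reserved: {label: ip} of addresses already in use there (PIX outside
              interface, router interface, other statics)
    """
    problems = []
    addr = ipaddress.ip_address(global_ip)
    net = ipaddress.ip_network(outside_subnet, strict=False)
    if addr not in net:
        problems.append(f"{addr} is not inside outside subnet {net}")
    elif addr in (net.network_address, net.broadcast_address):
        problems.append(f"{addr} is the network or broadcast address of {net}")
    for label, ip in reserved.items():
        if addr == ipaddress.ip_address(ip):
            # The original poster's plan (global IP == router IP) fails here
            problems.append(f"{addr} collides with {label}")
    return problems

def build_config(local_ip, global_ip, peer_ip, services):
    """Emit the static plus one conduit per service, referencing the global IP."""
    lines = [f"static (inside,outside) {global_ip} {local_ip} "
             f"netmask 255.255.255.255 0 0"]
    for svc in services:
        proto = SERVICES[svc]  # KeyError for a service we do not know
        lines.append(f"conduit permit {proto} host {global_ip} eq {svc} host {peer_ip}")
    return lines

if __name__ == "__main__":
    # Constructed topology: server 10.1.1.5 behind the PIX, outside 192.0.2.0/24
    used = {"PIX outside interface": "192.0.2.1", "router": "192.0.2.2"}
    for candidate in ("192.0.2.10", "192.0.2.2", "198.51.100.5"):
        found = check_global_ip(candidate, "192.0.2.0/24", used)
        print(candidate, "OK" if not found else "; ".join(found))
    print("\n".join(build_config("10.1.1.5", "192.0.2.10", "192.0.2.2",
                                 ["snmp", "snmptrap", "smtp"])))
```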