Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
262
Views
0
Helpful
2
Replies

Returns to client from different IP

michael.ball
Beginner
Beginner

‎06-23-2006 12:45 PM - edited ‎03-09-2019 03:22 PM

I am having trouble understanding why outside udp connections coming in on IP 1.2.3.4 go back out the PIX on 1.2.3.7

My PIX has a /248 mask on the outside interface so it has the range of say 1.2.3.4 to 1.2.3.10 exposed to the outside

These are the commands dealing with the udp traffic:

access-list fromoutside permit udp any host 1.2.3.4 eq 5678

static (inside,outside) udp 1.2.3.4 5678 10.10.10.10 5678 netmask 255.255.255.255

Can anyone nudge me in the right direction?

Labels:
0 Helpful
2 Replies 2

pgalligan
Beginner
Beginner

‎06-25-2006 06:02 PM

Is 1.2.3.7 your outside interface IP, or an IP used in a NAT? Try using a static NAT instead of a static PAT:

static (inside,outside) 1.2.3.4 10.10.10.10

0 Helpful

michael.ball
Beginner
Beginner
In response to pgalligan

‎06-26-2006 08:13 AM

Yes 1.2.3.7 is one of the IP's on the outside interface of the PIX. Unfortunately I cannot use static NAT because once traffic passes the PIX and is in the DMZ some of it (port 25) will go to the Microsoft firewall from there and some of it (the udp ports) will go to a different firewall from there.

I don't understand my nat lines, they are:

global (outside) 1 interface

and

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents