Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
869
Views
0
Helpful
7
Replies

STATIC STATEMENT WON'T WORK

robysolutions
Level 1
Level 1

‎12-08-2004 08:52 AM - edited ‎03-09-2019 09:42 AM

I have setup plenty of firewalls using the exact same command and never had trouble until today. I have configured a pix using the following parameters for NAT'ing.

ip address outside 21.106.223.150 255.255.255.128

ip address inside 192.168.1.0 255.255.255.0

nat (inside) 1 0 0

global (outside) 1 interface

static (inside,outside) 12.106.223.131 192.168.1.3

The problem is everytime I enter a static command for any internal IP address that machine can no longer access the internet or go outside of the network (weird thing is sometimes it will work and the configuration is exactly the same). I need these static for webserver purposes. I have used clear xlate and clear arp but nothing. The moment I remove the static command and clear xlate the IP address works fine. What is going on!!! This is a used pix 520 that was purchased a couple of days ago and I am starting to wonder if the device may be defective.

Labels:
0 Helpful
7 Replies 7

robysolutions
Level 1
Level 1

‎12-08-2004 09:23 AM

I made a typo, the outside address is supposed to be 12.106.x.x

0 Helpful

Patrick Iseli
Level 7
Level 7
In response to robysolutions

‎12-08-2004 03:47 PM

Config is fine, please could you check the logg messages on the PIX for error messages.

What version of PIX OS are you using.

Are you sure that this host has not problems with Duplex of other configuration issues, check IP setup and default gateway.

Do you have an access-list on the inside interface?

logg on

logg buffer info

show logg

sincerley

Patrick

0 Helpful

robysolutions
Level 1
Level 1
In response to Patrick Iseli

‎12-08-2004 04:13 PM

version 6.4(3)

the host can ping fine when the static statement is removed and a clear xlate command is issued. There is no access-list applied to the inside interface, only outside allowing ICMP.

0 Helpful

robysolutions
Level 1
Level 1
In response to robysolutions

‎12-08-2004 04:15 PM

Correction:

Version 6.3(4)

0 Helpful

Patrick Iseli
Level 7
Level 7
In response to robysolutions

‎12-08-2004 07:23 PM

What are the logging messages when you connect from the outside to your web server ?

Have you verified your Server setup ?

is duplex mode on switch and Server the same ?

Routing ok, default gateway = PIX ?

sincerely

Patrick

0 Helpful

robysolutions
Level 1
Level 1
In response to Patrick Iseli

‎12-08-2004 08:00 PM

The problem isn't that I can't access the server from the outside, but rather that the server can't pass throught the pix when a static command is issued referencing the local inside ip address to a global IP address. The moment I remove that static and allow the server to be PAT'ed, it works fine. It can pass through the PIX. The duplex modes are all fine and so is the gateway because all machines on the inside of the firewall can route outside just fine until I use any type of static command.

0 Helpful

sachinraja
Level 9
Level 9
In response to robysolutions

‎12-09-2004 02:41 AM

what services are u running on that server ? please try opening ports from outside and see if you are able to reach the server on that port from outside. for eg, if it is a web server, try telnetting the natted IP on port 80 from the router and see if NAT is happening fine.

also, try changing the outside IP to someother unused public IP and then try connecting from outside.

Hope your ISP routes the entire pool of public IP. Do a static and try doing a reverse trace from route-server.ip.att.net. see where it drops. might be something to do with ur ISP...

Raj

0 Helpful
Customers Also Viewed These Support Documents