Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1100
Views
0
Helpful
18
Replies

Static Translation Problems

cmelbourne
Level 1
Level 1

‎11-27-2003 01:47 AM - edited ‎03-09-2019 05:40 AM

We have an internet connection from a pix 515e via a leased line router.

the users can access the internet no problem and also we can get people accessing our web server but we have no outbound or inbound email.

we have our own internal email server.

out internal email server is set to 192.168.1.3 and we have a static command in the pix to say

static (inside,outside) 1.1.1.1 192.168.1.3

(1.1.1.1 has been changed for security purposes)

so the real world address for out mail server is 1.1.1.1 and this is translated to 192.168.1.3 this does not work, no email at all.

but, we have a web server 1.1.1.2 real world address which gets translated to 192.168.1.11 and this works without any problems.

outbound internet is also working perfectly.

please see our config below.

: Saved

:

PIX Version 6.3(1)

interface ethernet0 auto

interface ethernet1 auto

interface ethernet2 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 intf2 security4

enable password xxxxx

passwd xxxxx

hostname TheWall

domain-name xxx.com

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

names

access-list 101 permit tcp any host 1.1.1.1 eq smtp

access-list 101 permit tcp any host 1.1.1.2 eq www

access-list 101 permit tcp any host 1.1.1.2 eq login

access-list 101 permit icmp any any

access-list 101 permit icmp any any echo

access-list 101 permit icmp any any echo-reply

pager lines 24

logging on

mtu outside 1500

mtu inside 1500

mtu intf2 1500

ip address outside 1.1.1.10 255.255.255.0

ip address inside 192.168.1.10 255.255.255.0

no ip address intf2

ip audit info action alarm

ip audit attack action alarm

pdm history enable

arp timeout 14400

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

global (outside) 1 interface

access-group 101 in interface outside

conduit permit icmp any any

conduit permit udp any any

route outside 0.0.0.0 0.0.0.0 1.1.1.100

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

ssh timeout 5

console timeout 0

terminal width 80

Cryptochecksum:xxxxxxx

: end

Labels:
0 Helpful
18 Replies 18

jackko
Level 7
Level 7
In response to cmelbourne

‎12-10-2003 08:20 PM

unfortunately there is a bug with os 6.3(1). please try to ungrade the os.

0 Helpful

cmelbourne
Level 1
Level 1
In response to jackko

‎12-11-2003 12:53 AM

Thanks for the info,

I have version 6.2(3).

are you aware of any bugs in this

0 Helpful

cabell911
Level 1
Level 1
In response to cmelbourne

‎12-14-2003 06:32 PM

It appears to me that you dont have an ACL set for the inside address of 192.168.1.3. I only see them set for .2 and .1

0 Helpful

tvanginneken
Level 4
Level 4
In response to cmelbourne

‎12-15-2003 06:32 AM

Hi,

I can see in the config that you are mixing conduits and ACL's. This is not recommended! Could you try removing the conduit command (and do a 'clear xlate') for a moment and see what happens?

Regards,

Tom

0 Helpful
Customers Also Viewed These Support Documents