Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Config with alias and static route issues

Status
Not open for further replies.
prophet30

prophet30

MIS
Jan 31, 2003
3
US
Here is the basics of the config:

PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100

fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000

access-list outside_in permit tcp any host 192.168.x.10 eq domain
access-list outside_in permit udp any host 192.168.x.10 eq domain
access-list outside_in permit tcp any host 192.168.x.10 eq www
access-list outside_in permit tcp any host 192.168.x.10 eq smtp
access-group outside_in in interface outside

route outside 0.0.0.0 0.0.0.0 216.x.x.1 1
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
alias (outside) 216.x.x.2 216.x.x.2 255.255.255.255
ip address outside 216.x.x.2 255.255.255.224
ip address inside 192.168.x.1 255.255.255.0

Alias is something I was trying to utilize so that all communications can go in and out therough the only IP adress on the outside interface. I am not sure if I have that down.

If I add what I believe to be a necessary static route, all browsing, etc to the internet ceases.
Ex.
static (inside,outside) 216.x.x.2 192.168.x.10 netmask 255.255.255.255 0 0

What am I missing or what do I have with the incorrect syntax?

Thanks in advance.
 
Sort by date Sort by votes
HI.

> access-list outside_in permit tcp any host 192.168.x.10 ...
Wrong here.
You should specify the external address:
access-list outside_in permit tcp any host 216.x.x.x ...

> ... all communications can go in and out therough the only IP adress on the outside interface ...
Why?
You have about 30 registered ip addresses, so why not use different address for servers?

> ip address outside 216.x.x.2 255.255.255.224
> global (outside) 1 interface
> static (inside,outside) 216.x.x.2 192.168.x.10
This overlapping is causing your problem.
You should either:
1. Use different IP addresses for pix own interface, global PAT address, and static mapping for your server.
2. Use port mapping (static ... tcp ...) .
I would choose the first solution unless you are very short with registered ip addresses.

Anyway look here:
Cisco - Using nat, global, static, conduit, and access-list Commands and Port Redirection on PIX

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
290
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
305
Johnkite
Johnkite
intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
329
intel233
intel233
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
249
nnaarrnn
nnaarrnn
Nitta84
  • Locked
  • Question
navigation slow and tcp syc/ack drop
Replies
0
Views
210
Nitta84
Nitta84

Part and Inventory Search

Sponsor

Back
Top