PIX 506 Config Question

[lostandfound]

Here is my problem:

I have been given an IP range by my ISP of x.x.x.193-222. .193 has been assigned to the router interface and the router configuration has divided the remaining IPs into 2 subnets to allow the x.x.x.194 IP to be the outside interface on the PIX and x.x.x.209 is the inside interface on the PIX. The netmask for both subnets is 255.255.255.240.

I am trying to set up an FTP server at an internal box assigned IP x.x.x.212. NAT on the firewall is off as I need to allow access from the outside to all the servers behind my firewall. Specifically I need to allow IDENT and FTP traffic. What config command line do I need to use???

I have tried the following:
static (inside,outside) x.x.x.194 x.x.x.212 netmask 255.255.255.240 but I get an error message about global IP and the netmask.

I also know I need to add an access-list line for FTP and IDENT but I can't do thhat until I resolve the static command problem.

Needless to say I am not exactly a PIX expert (though I've learned alot in the past 2 weeks.

Does anyone have any advice on this problem. I am sure it is something simple but heck if I know what it is.

Thanks in advance,

Jon

 

[N0ktar]

Don't use STATIC command with NAT disabled. It is meant to map public to private IP. You don't need to do that. Just open TCP ports 21 and 113.

 

[ChrisAC]

Your inside network (LAN side of the PIX) should be on private addressesing, not public IP's! You then allow access to your servers by statically NATing them to a live address, even though the boxes are configured with a private LAN address.

Chris.
************************
Chris Andrew, CCNA
chris@iproute.co.uk
************************