Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Reconfigure existing 506

Status
Not open for further replies.
Javamahn

Javamahn

Technical User
Mar 14, 2001
143
US
Current configuration is set so all inbound connections are sent to single machine. We are spilting up the web and email so I need to redirect all inbound machine 10.1.1.25 and all inbound mail to 10.1.1.5 I also allow all outbound traffic to NAT: Can someone help me rewrite the following config.
----------------------------------------------------------

global (outside) 1 200.240.10.88
nat (inside) 1 10.1.1.0 255.255.255.0 0 0
static (inside,outside) 200.240.10.86 10.1.1.5 netmask 255.255.255.255 0 0
conduit permit tcp host 200.240.10.86 eq smtp any
conduit permit tcp host 200.240.10.86 eq conduit permit tcp host 200.240.10.86 eq pop3 any

----------------------------------------------------------
I tried rewriting the static to the following
static (inside,outside) tcp 200.240.10.86 225.255.255.255 0 0
static (inside,outside) tcp 200.240.10.86 smtp 10.1.1.5 smtp netmask 225.255.255.255 0 0

The inbound traffic still went to the old server. ARP cache? I also notice cisco references a nat command
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
How is this different from my Nat command?

I Graciously thank anyone who can help me.
Steve Anderson
 
Sort by date Sort by votes
The OS is latest 6.2. I have 3 registered Ip addresses. Currently all DNS resolves to the external address 200.240.10.86 the external interface has .84 and I have .85 unused.
 
Upvote 0 Downvote
HI.

The best solution in my opinion is to use the .85 address for one of the servers, and configure DNS as needed.
If you are worried about DNS propagation times, you can ask your ISP to first lower the TTL for your DNS zone, then the day after make the changes so they will be implemented faster, and restore the original TTL.
You should also ask your ISP (or who that manages your DNS zone) to update the PTR record for the changes.

About the pix config, it is simple and basic, assuming that you change only the address of web server:

static (inside,outside) 200.240.10.85 10.1.1.25
no conduit permit tcp host 200.240.10.86 eq conduit permit tcp host 200.240.10.85 eq
But, if you're using OS 6.21 and PDM 2.02, then I suggest upgrading your configuration to access-list instead of conduit to be more compatible and uptodate.

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
Is it possible to redirect using only the one registered IP address? Although I know the way to do it would be to redirect static ouside to inside seperately I would like to know if it is possible to use only one external address.

Thank you
 
Upvote 0 Downvote
I realized only after viewing my xlate table that my above static commands had never taken place. after a clear xlate the above command works to Port Redirect the incoming traffic to the proper machines.

Thanks for the help
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

thedivaofsteel
  • Locked
  • Question
Adding another Network to our Sonicwall NSA 3500 and existing VPN
Replies
1
Views
98
jkupski
jkupski
ljohnsonSNS
  • Locked
  • Question
Changing ISP's and need to reconfigure Netscreen 5xp
Replies
0
Views
46
ljohnsonSNS
ljohnsonSNS
rockdude
  • Locked
  • Question
Can Sonicwall TZ100 be integrated into a existing woreless network?
Replies
1
Views
53
rphips
rphips
pichels
  • Locked
  • Question
PIX 506e - v6.3(5): syslogging only HTTP/S traffic?
Replies
0
Views
71
pichels
pichels
Ferbert
  • Locked
  • Question
Cisco PIX 506E Config Assistance 1
Replies
8
Views
109
Ferbert
Ferbert

Part and Inventory Search

Sponsor

Back
Top