[fw-wiz] PIX501 PAT and Static NAT problems

From: Aidan O'Rawe (a.orawe_at_ntlworld.com)
Date: 06/01/03

  • Next message: R. DuFresne: "Re: [fw-wiz] checkpoint port-redirection question"
    To: <firewall-wizards@honor.icsalabs.com>
    Date: Sun, 1 Jun 2003 22:36:12 +0100
    

    Hi,

    I'm having a bit of trouble with a PIX501, I have issued the following
    commands to allow all the internal users to connect through the PIX to the
    outside:

    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    global (outside) 1 interface

    Everything works fine untill I add a static for an internal web server, then
    all internal users can't get to the outside of the PIX anymore. I
    configured this with the
    following commands:

    static (inside,outside) <External IP> 192.168.1.2 0 8
    conduit permit tcp host <External IP> eq 80 any

    Does anyone know the right way to go about configuring this properly?

    TIA

    Arj.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: R. DuFresne: "Re: [fw-wiz] checkpoint port-redirection question"

    Relevant Pages

    • RE: [fw-wiz] PIX501 PAT and Static NAT problems
      ... >outside interface, why would I care? ... >>commands to allow all the internal users to connect through the PIX to the ... >>all internal users can't get to the outside of the PIX anymore. ... >>Does anyone know the right way to go about configuring this properly? ...
      (Firewall-Wizards)
    • Re: PIX Static NAT rules interfering with Interface PAT
      ... > commands to allow all the internal users to connect through the PIX to the ... > all internal users can't get to the outside of the PIX anymore. ... access-group out-to-in in interface outside ...
      (comp.security.firewalls)
    • RE: [fw-wiz] PIX501 PAT and Static NAT problems
      ... use the "interface outside" cli syntax instead of "any host". ... >commands to allow all the internal users to connect through the PIX to the ... >all internal users can't get to the outside of the PIX anymore. ... >Does anyone know the right way to go about configuring this properly? ...
      (Firewall-Wizards)
    • PIX Static NAT rules interfering with Interface PAT
      ... I'm having a bit of trouble with a PIX501, ... commands to allow all the internal users to connect through the PIX to the ... all internal users can't get to the outside of the PIX anymore. ...
      (comp.security.firewalls)