RE: [fw-wiz] No connection once the translation rules are applied

From: Joshua Vince (Josh.Vince_at_bcgsys.com)
Date: 12/11/03

Next message: Melson, Paul: "RE: [fw-wiz] No connection once the translation rules are applied"

Previous message: Dilip M: "[fw-wiz] Rules for mailserver which is in internet zone ??"
Maybe in reply to: geoffreyh_at_frontlinedefensesystems.com: "[fw-wiz] No connection once the translation rules are applied"
Next in thread: Melson, Paul: "RE: [fw-wiz] No connection once the translation rules are applied"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <geoffreyh@frontlinedefensesystems.com>, <firewall-wizards@honor.icsalabs.com>
Date: Thu, 11 Dec 2003 09:13:54 -0500

Your static command should be:

static (inside,outside) xxx.xxx.xxx.xxx 192.168.1.10 netmask 255.255.255.255 0 0

where xxx.xxx.xxx.xxx is another valid routable IP address in the same subnet as the outside address that is being routed to you by your ISP.

Josh

-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com
[mailto:firewall-wizards-admin@honor.icsalabs.com]On Behalf Of
geoffreyh@frontlinedefensesystems.com
Sent: Thursday, December 11, 2003 8:10 AM
To: firewall-wizards@honor.icsalabs.com
Subject: [fw-wiz] No connection once the translation rules are applied

I have a 501 v. 6.3(1). I am attempting to establish a PPTP VPN server
(192.168.1.10) behind the firewall. I lose Internet connectivity once I apply
the translation rules. I do not have an electronic copy available, but here is
a quick synopsis of the pertinent entires.

fixup protocol pptp 1723
access-list outside_access_in permit gre any host 192.168.1.10
access-list outside_access_in permit tcp eq pptp host 192.168.1.10 eq pptp
access-list outside_access_in permit icmp any any echo-reply
ip address outside xxx.xxx.xxx.xxx 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0
static (inside,outside) 192.168.1.10 192.168.1.10 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside

What am I missing here?

Geoff

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: Melson, Paul: "RE: [fw-wiz] No connection once the translation rules are applied"

Previous message: Dilip M: "[fw-wiz] Rules for mailserver which is in internet zone ??"
Maybe in reply to: geoffreyh_at_frontlinedefensesystems.com: "[fw-wiz] No connection once the translation rules are applied"
Next in thread: Melson, Paul: "RE: [fw-wiz] No connection once the translation rules are applied"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[fw-wiz] No connection once the translation rules are applied
... I am attempting to establish a PPTP VPN server ... behind the firewall. ... access-list outside_access_in permit tcp eq pptp host 192.168.1.10 eq pptp ... access-group outside_access_in in interface outside ...
(Firewall-Wizards)
CEF causing http to hang/stop on 1712
... access-list 101 permit udp any any eq domain ... access-list 101 permit tcp host 192.168.xxx eq 3389 any established ...
(comp.dcom.sys.cisco)
[fw-wiz] Pix 525 NAT!
... and my firewall is in zone0. ... access-list zone00 permit tcp any any ... access-group zone00 in interface zone00 ...
(Firewall-Wizards)
Cisco 1721 Router
... aaa authentication login TRAuthList group radius local ... crypto map nemap client authentication list vpnauthen ... access-list 102 permit udp any any eq isakmp ...
(comp.dcom.sys.cisco)
Cisco IOS VPN with NAT
... crypto map clientmap client authentication list userauthen ... access-list 1 permit 10.1.2.0 0.0.0.255 ... access-list 100 permit tcp any host 1.1.1.1 eq ftp-data ...
(comp.dcom.sys.cisco)