
Cannot access external network w/o static NAT

Cooky

I was working on our Pix firewall and noticed an entry that maps a server's internal IP to an external public IP through static NAT.

I then deleted that entry because the server is one of our Windows DCs and I don't see why it has to be made available outside of our internal network.

After I removed that line, the server cannot access anything but our internal network. So I put that line back and the connection is back.

Why would static NAT affect whether or not that server can access external networks??
 
Check your DHCP pool settings and everything that would affect a new computer when getting on the net.

I assume that the DC has a static IP.....that might need to be modified.
 
It was the DC server that couldn't get to external network...what does DHCP have to do w/ it??
DHCP scope is completely different from the static IP ranges anyway...

I suspected something wrong w/ the Pix; after a reload the server can connect w/o a problem.
 
Originally posted by: Cooky
It was the DC server that couldn't get to external network...what does DHCP have to do w/ it??
DHCP scope is completely different from the static IP ranges anyway...

I suspected something wrong w/ the Pix; after a reload the server can connect w/o a problem.

What a rude response to a guy who's just offering some ideas...

 
Originally posted by: Cooky
It was the DC server that couldn't get to external network...what does DHCP have to do w/ it??
DHCP scope is completely different from the static IP ranges anyway...

I suspected something wrong w/ the Pix; after a reload the server can connect w/o a problem.

cooky, what probably happened is there was still the static address translation on the pix. removing the static from the config didn't delete the translation.

whenever you make any nat changes you must clear the xlate table.

clear xlate *

Never forget rule #1 - it is NEVER a network problem
😉
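
Added example, not part of the thread: a small Python check that compares the `static` lines in a saved PIX configuration against saved `show xlate` output and lists one-to-one translations that no longer have a matching `static`, which is the leftover state described in the post above. The sample text is constructed, its layout (`static (inside,outside) global local ...` and `Global x Local y`) is assumed, and the check assumes no dynamic NAT pool is in use, since pool translations would also appear without a `static`.

```python
import re

# Constructed sample data (not from the thread); documentation address ranges.
RUNNING_CONFIG = """\
static (inside,outside) 203.0.113.20 10.1.1.20 netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.21 10.1.1.21 netmask 255.255.255.255 0 0
"""

# Constructed "show xlate" capture taken after a static for 10.1.1.10 was removed.
SHOW_XLATE = """\
3 in use, 5 most used
Global 203.0.113.10 Local 10.1.1.10
Global 203.0.113.20 Local 10.1.1.20
PAT Global 203.0.113.2(1024) Local 10.1.1.55(3021)
"""

# Assumed line layouts; PAT lines start with "PAT" and are skipped on purpose.
STATIC_RE = re.compile(r"^static \(\S+,\S+\) (\S+) (\S+)", re.M)
XLATE_RE = re.compile(r"^Global (\S+) Local (\S+)", re.M)


def configured_statics(config):
    """Return the set of (global_ip, local_ip) pairs defined by static lines."""
    return set(STATIC_RE.findall(config))


def active_xlates(show_xlate):
    """Return the set of (global_ip, local_ip) one-to-one translations in use."""
    return set(XLATE_RE.findall(show_xlate))


def stale_candidates(config, show_xlate):
    """Translations still in the table with no static behind them."""
    return sorted(active_xlates(show_xlate) - configured_statics(config))


def idle_statics(config, show_xlate):
    """Statics that are configured but have no translation built yet."""
    return sorted(configured_statics(config) - active_xlates(show_xlate))


if __name__ == "__main__":
    for global_ip, local_ip in stale_candidates(RUNNING_CONFIG, SHOW_XLATE):
        print(f"stale translation: {local_ip} still mapped to {global_ip}")
    for global_ip, local_ip in idle_statics(RUNNING_CONFIG, SHOW_XLATE):
        print(f"configured, not yet in use: {local_ip} -> {global_ip}")
```

A host that shows up as a stale translation is still reachable on its old public address until the xlate table is cleared, so this is worth running after any NAT change that was meant to remove outside exposure.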
 
also, you have to
allow any any
as the last rule in your pix config. of course this also depends on the model pix and ios version
i have found in the older versions, if you do not have that line, and the traffic going in or out of that box does not match an allow rule, it drops the packets
 