
PIX 501

Hi all,

Was doing some tinkering on the PIX 501 Software Version 6.3(5) and I can't seem to find the correct verbiage for specifying a static map when the WAN uses DHCP. How is it configured so that it will use whatever IP is assigned? Can someone point me in the right direction? If I understand it right, you need to statically map the outside interface to the inside IP of the machine that will be receiving the connection. Is this not the case?

Say, for example, trying to forward port 31099 to an internal machine of 192.168.0.5.

I was looking at this as a reference. How would that scenario work in the case where I am using PAT / overload?

Thanks!
 
Nightowl :beer: for you! Thank you very much. That clears it up completely. Nice linkage, it has been added to the bookmarks...

Thanks again!

I did not want to make another thread, so I will just edit here...

I understand what they are saying in the link you provided, Nightowl, but I am still a little stuck. I can get the FTP access working, but by mapping the outside interface to my FTP server on the inside, I end up killing the PAT that is happening for the rest of the network. It almost seems like I need to be using 2 public IPs to accomplish this.


I want to be able to NAT my 192.168.0.0 network while still being able to specify static mappings to provide services from hosts on the inside network. It also seems that I have to specify the WAN IP on lines 4-5 to get it to work, but if the DHCP WAN address changes these lists will have to be manually changed, and that should not be, IMHO.

My access lists are as follows

access-list 100; 5 elements
access-list 100 line 1 permit icmp any any echo-reply (hitcnt=98)
access-list 100 line 2 permit icmp any any time-exceeded (hitcnt=57)
access-list 100 line 3 permit icmp any any unreachable (hitcnt=12)
access-list 100 line 4 permit tcp any host **WANIP** eq 55000 (hitcnt=27)
access-list 100 line 5 permit tcp any host **WANIP** range 63090 63100 (hitcnt=5)

Nat / global statements are as follows

nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (internet) 1 interface

access-group 100 in interface internet

If more information is needed let me know.. I know that I am probably making this harder than it is and overthinking it.. if anyone can help me pull my head out of my ass on this it will be you guys!!

Thanks... (Bashing head on desk)

Stimpyman
 