I've setup several PIX boxes with 6.x and have had no problems whatsoever,
certainly never had to use a port in a static statement. I tend to use
basic configurations on firewalls...the simpler the better, and setup my
statics first, and then apply the ACL(s) or conduits next.
If you're sure you can't add a static without ports, I would suspect
corruption, possibly the image, flash, or whatever. Try imaging the box
with a fresh download of the PIXOS.
---
Rik Guyler
-----Original Message-----
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 08, 2001 7:22 PM
To:
Subject: Re: Pix static NAT error UPDATE [7:15169]
ok,
this is straight from Cisco's web site for code 6.0 on the pix.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/conf
ig.htm
It does indeed show this example:
static (inside,outside) 10.42.1.0 10.3.1.0
which should work...
-Patrick
>>> "Kevin McIntyre" 08/08/01 07:01PM >>>
I am using Pix software ver 6.0(1) and it won't allow me to not specify a
port. I seem
to be forced into specifying the smtp in the command line.
It did sound like a good idea though.
Kevin
Patrick Ramsey wrote:
> try doing a normal static mapping, then use acl's to allow smtp traffic
> through...ie:
>
> static (inside,outside) 192.168.250.16 10.2.48.50 netmask 255.255.255.255
0 0
>
> -Patrick
>
> >>> "Kevin McIntyre" 08/07/01 06:12PM >>>
> I have the following line in a PIX 506 for static natting to an inside
> server.
>
> static (inside,outside) tcp interface smtp 172.16.1.21 smtp netmask
> 255.255.255.255 0 0
>
> When the Pix is started this will work for a short period of time and
> then will stop answering to connections on port 25 at all. The log on
> the server that it actually connects to says an unsuccessful attempt was
> made to connect but won't accept messages.
>
> When I try to send mail using the server from inside the PIX, directly
> to 172.16.1.21, the server itself is running fine.
>
> There is a 3640 router between the pix and the smtp server both with
> static routes.
>
> Any ideas?
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15399&t=15169
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
