Re: PIX -- Cannot locate the static xlate [7:19512]

Wed, 12 Sep 2001 06:30:18 -0700 

Translate first, then punch a hole in the ASA(Adaptive Security Algorithm)
with either a conduit or ACL.
Static (inside,outside)   
I like to think of it as Static (highsecurity,lowsecurity) 
 
Default interface securities are outside 0, inside 100. Sessions can be
initiated from high security to low security as long as there is some kind
of translation or specified no translation with NAT 0. To go from a low
security interface to a high security interface, there must be translation,
either to itself, or to another address and then a conduit/ACL to allow the
session to be established.

MikeN

""pierreg""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi all,
>
> I have a Web server on the internal side of the firewall (10.1.1.13)
> I am trying to open port 80 of the firewall to internet traffic
> I get the error message: "Cannot locate the static xlate"
> when I enter the command:
>
> pixfirewall(config)# conduit 102.162.86.52 80 tcp 0
>
> What am I doing wrong? My configs are below:
>
> PIX Version 4.0.7
> enable password 2KFQnbNIdI.2KYOU encrypted
> passwd 2KFQnbNIdI.2KYOU encrypted
> hostname pixfirewall
> no failover
> names
> syslog output 20.3
> no syslog console
> interface ethernet outside 10baset
> interface ethernet inside 10baset
> ip address inside 10.1.1.10 255.255.255.0
> ip address outside 102.162.86.53 255.255.255.128
> arp timeout 14400
> global 1 102.162.86.52-102.162.86.52
> nat 1 0.0.0.0 0.0.0.0
> age 10
> no rip outside passive
> no rip outside default
> no rip inside passive
> no rip inside default
> route outside 0.0.0.0 0.0.0.0 102.162.86.1 1
> timeout xlate 24:00:00 conn 12:00:00 udp 0:02:00
> timeout rpc 0:10:00 h323 0:05:00 uauth 0:05:00
> http 10.1.1.13 255.255.255.255
> no snmp-server location
> no snmp-server contact
> telnet 10.1.1.13 255.255.255.255
> mtu outside 1500
> mtu inside 1500




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19530&t=19512
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to