hi, Thanks I tried "static (inside,outside) tcp interface ftp armada ftp netmask 255.255.255.255 10 0" where armada is the name of the internal ftp server, I also used a conduit permit ip any any and I still can't ftp to it. I should also mention there is another problem unless I use a conduit permit icmp any any I cannot ping out, if I prefix this with a "no" so I can't ping, people on the net can still ping my pix, there is nothing in the config in the way of access lists etc. Having read the section in the book a pix by default should allow internal users to ping out but not the other way around, is there a fix for this also?
thanks ""brian charles"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > If you have version 6.0 or greater you can do port redirection with the > static command. Create an acl to allow the traffic > > http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/s.h tm#xtocid20 > > > static > Maps a local IP address to a global IP address (NAT) and supports TCP and > UDP port redirection (static PAT). (Configuration mode.) > > [no] static [(internal_if_name, external_if_name)] {tcp | udp} {global_ip | > interface} global_port local_ip local_port [netmask mask] [max_conns > [em_limit]] [norandomseq] > > show static Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=45966&t=45945 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
