>>> Having read the section in the book a pix by default should allow internal users to ping out but not the other way around, is there a fix for this also?

 

 

That is not true.


Handling ICMP Pings with the PIX Firewall


http://www.cisco.com/warp/public/110/31.html

 

Use "conduit permit icmp any any echo-reply".

 

Before you try to FTP, try to telnet on port 21. What is the default gateway of the FTP server? Enable "logging buffer info" and check "sh log" for the build or teardown messages for the FTP server's IP address.

 

-- Lidiya White

 

 

-----Original Message-----

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Parmjit

Sent: Thursday, June 06, 2002 12:34 PM

To: [EMAIL PROTECTED]

Subject: Re: PIX 506 port translation with DHCP [7:45945]

 

hi,

Thanks I tried "static (inside,outside) tcp interface ftp armada ftp netmask 255.255.255.255 10 0" where armada is the name of the internal ftp server, I also used a conduit permit ip any any and I still can't ftp to it.

I should also mention there is another problem unless I use a conduit permit icmp any any I cannot ping out, if I prefix this with a "no" so I can't ping, people on the net can still ping my pix, there is nothing in the config in the way of access lists etc. Having read the section in the book a pix by default should allow internal users to ping out but not the other way around, is there a fix for this also?

 

thanks

 

"brian charles" wrote in message news:[EMAIL PROTECTED]...

> If you have version 6.0 or greater you can do port redirection with the static command. Create an acl to allow the traffic
>
> http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/s.htm#xtocid20
>
> static
>
> Maps a local IP address to a global IP address (NAT) and supports TCP and UDP port redirection (static PAT). (Configuration mode.)
>
> [no] static [(internal_if_name, external_if_name)] {tcp | udp} {global_ip | interface} global_port local_ip local_port [netmask mask] [max_conns [em_limit]] [norandomseq]
>
> show static




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45999&t=45945