Thanks, i resolve the problem with the next line. global (real) 1 q.w.r.4
And the users in inside see the user in the real. i use PAT the lines of nat in real is in use. On Wed, 2002-01-09 at 18:32, Glenn Shiffer wrote: > Get rid of: > > nat (real) 0 q.w.r.5 255.255.255.255 0 0 > nat (real) 0 q.w.r.6 255.255.255.255 0 0 > nat (real) 0 q.w.r.7 255.255.255.255 0 0 > > Instead use: > > nat (real) 0 access-list real > > access-list real permit ip 10.10.10.0 255.255.255.0 q.w.r.5 > 255.255.255.255 > access-list real permit ip 10.10.10.0 255.255.255.0 q.w.r.6 > 255.255.255.255 > access-list real permit ip 10.10.10.0 255.255.255.0 q.w.r.7 > 255.255.255.255 > > You can tighten these as you need after you get things working. > > And, while you're at it, why these two lines? > > conduit permit tcp any range 1024 65535 any > conduit permit udp any range 1024 65535 any > > You may want to have a look at: > > http://www.cisco.com/warp/public/707/index.shtml#IOS > > > Glenn > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Johnny Gonzalez > Sent: Wednesday, January 09, 2002 6:01 PM > To: bob bobing > Cc: Lista de firewall > Subject: Re: forwarding in interfaces ethernet > > I no use syslog. > I have this configuration in my pix: > > > nameif ethernet0 outside security0 > nameif ethernet1 inside security100 > nameif ethernet2 real security10 > interface ethernet0 auto > interface ethernet1 auto > interface ethernet2 auto > ip address outside x.y.z.130 255.255.255.192 > ip address inside 10.10.10.1 255.255.255.0 > ip address real q.w.r.1 255.255.255.0 > global (outside) 1 a.b.c.1-a.b.c.253 netmask 255.255.255.0 > global (outside) 1 a.b.c.254 netmask 255.255.255.0 > nat (inside) 1 10.10.10.0 255.255.255.0 0 0 > nat (real) 0 q.w.r.5 255.255.255.255 0 0 > nat (real) 0 q.w.r.6 255.255.255.255 0 0 > nat (real) 0 q.w.r.7 255.255.255.255 0 0 > conduit permit icmp any any > conduit permit tcp any range 1024 65535 any > conduit permit udp any range 1024 65535 any > > > Thanks for your help me. -- Johnny Gonzalez Dominguez Ingenieria de Software Telecable Morelos Cuernavaca, Morelos Tel. (52)(777)3292475 [EMAIL PROTECTED] [EMAIL PROTECTED] ICQ #75046976 _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
