This is correct is should be: static(more_more_secure_int less_secure_int) local local netmask netmask 255....
At 09:29 AM 4/18/2002 -0400, Fei Yang wrote: >1. Shouldn't the static command be static (inside,outside) ><inside_global_ip> <inside_local_ip> netmask 255.255.255.255, rather than >(outside,inside)? > >2. For communications between two local hosts, you should use inside local >address, rather than their global address. PIX will not translate the >inside global IP to the inside local IP on the INSIDE interface. PIX does >this translation on the OUTSIDE interface. > >If you need to let inside host to access some other inside host by its >public IP address, say the target host is a web server, you might need to >configure alias. > >Fei. >-----Original Message----- >From: David Ishmael [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, April 17, 2002 3:29 PM >To: [EMAIL PROTECTED] >Subject: PIX Translation Issues > >All: > >I've got a PIX with two interfaces. The outside interface has a public >address space while the inside interface has a private address space. The >problem I'm having is that the internal devices can't ping external >(public) address mappings. For example: > >static (outside, inside) 123.123.123.123 10.10.10.123 netmask >255.255.255.255 0 0 >static (outside, inside) 123.123.123.124 10.10.10.124 netmask >255.255.255.255 0 0 > >When 10.10.10.123 tries to connect to 123.123.123.124 I get the following >error message via syslog: > >-> regular translation creation failed for tcp src >inside:10.10.10.123/3737 dst outside:123.123.123.124/110. > >I've checked to make sure that the access-list is permitting the >connection and its wide open. Any ideas on what I'm doing wrong? > >-- >David Ishmael, CCNA/IVCP >Sr. Engineer, Windward Consulting Group >2300 Corporate Park Drive >Suite 400 >Herndon, VA 20171 ><mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED] >(571) 332-6234 > >"Engineers don't think outside the box, they redesign it" > >EMAIL DISCLAIMER > >The information contained in this message, and any attachment, is >confidential and proprietary information, and may be legally privileged. >It is intended for the above named recipient(s) only and is transmitted in >confidence. It should be safeguarded to prevent unauthorized, negligent, >or inadvertent use or disclosure. This message is proprietary to Windward >Consulting Group, Inc. and may not be disclosed, forwarded, distributed, >or reproduced, without the express permission of Windward. > >If this message is received in error, the sender should be notified and >the message and any attachments deleted. > >Email transmission cannot be guaranteed to be secure or error free as >information could be intercepted, corrupted, lost, destroyed, arrive late >or incomplete, or contain viruses. The sender therefore does not accept >liability for any errors or omissions in the contents of this message >which arise as a result of email transmission. > >�2002 Windward Consulting Group, Inc > >_______________________________________________ Firewalls mailing list >[EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
