Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Cisco PIX... address transform...

Reply
Thread Tools

Cisco PIX... address transform...

 
 
The_Stradz
Guest
Posts: n/a
 
      02-16-2006
All,

Wonder if someone can point me in the right direction...? I have a PIX 515E
that I'm using as an internal firewall in a classic internet | firewall |
dmz | firewall | internal LAN config.

the inside (internal lan) interface address is 10.156.1.1/24 and the outside
(dmz) address is 10.1.1.254/24. There are several hosts within the DMZ
(10.1.1.20, 10.1.1.21, 10.1.1.22 etc).

Now what I want to do is reference a DMZ host (say 10.1.1.20) using an
inside network IP address (10.156.1.40 say) - so that an internally
connected PC can ping the DMZ host using the 10.156.1.40 address.

I've issued the command "static (inside, outside) 10.156.1.40 10.1.1.20"

Then ACLed to allow "icmp any" to the DMZ host (10.156.1.40). However, its
not working? Can anyone give me any pointers to what is wrong here?

Any help greatly appreciated!

Thanks
-D



 
Reply With Quote
 
 
 
 
mcaissie
Guest
Posts: n/a
 
      02-16-2006
You have to do " static (outside,inside)" and not "static
(inside,outside)"

since you want to mask an outside IP to the inside , and not mask an
inside IP to the outside.

static (outside,inside) 10.156.1.40 10.1.1.20 netmask 255.255.255.255 0 0





In your environment
"The_Stradz" <(E-Mail Removed)> wrote in message
news:dt2oml$kj2$(E-Mail Removed)-infra.bt.com...
> All,
>
> Wonder if someone can point me in the right direction...? I have a PIX
> 515E
> that I'm using as an internal firewall in a classic internet | firewall |
> dmz | firewall | internal LAN config.
>
> the inside (internal lan) interface address is 10.156.1.1/24 and the
> outside
> (dmz) address is 10.1.1.254/24. There are several hosts within the DMZ
> (10.1.1.20, 10.1.1.21, 10.1.1.22 etc).
>
> Now what I want to do is reference a DMZ host (say 10.1.1.20) using an
> inside network IP address (10.156.1.40 say) - so that an internally
> connected PC can ping the DMZ host using the 10.156.1.40 address.
>
> I've issued the command "static (inside, outside) 10.156.1.40 10.1.1.20"
>
> Then ACLed to allow "icmp any" to the DMZ host (10.156.1.40). However,
> its
> not working? Can anyone give me any pointers to what is wrong here?
>
> Any help greatly appreciated!
>
> Thanks
> -D
>
>
>



 
Reply With Quote
 
 
 
 
The_Stradz
Guest
Posts: n/a
 
      02-17-2006
OK - done that..... still no joy.... pinging 10.156.1.40 doesn't work.....
anything else that I'm missing?

"mcaissie" <(E-Mail Removed)> wrote in message
news:GU6Jf.4470$n67.2670@edtnps89...
> You have to do " static (outside,inside)" and not "static
> (inside,outside)"
>
> since you want to mask an outside IP to the inside , and not mask an
> inside IP to the outside.
>
> static (outside,inside) 10.156.1.40 10.1.1.20 netmask 255.255.255.255 0 0
>
>
>
>
>
> In your environment
> "The_Stradz" <(E-Mail Removed)> wrote in message
> news:dt2oml$kj2$(E-Mail Removed)-infra.bt.com...
>> All,
>>
>> Wonder if someone can point me in the right direction...? I have a PIX
>> 515E
>> that I'm using as an internal firewall in a classic internet | firewall |
>> dmz | firewall | internal LAN config.
>>
>> the inside (internal lan) interface address is 10.156.1.1/24 and the
>> outside
>> (dmz) address is 10.1.1.254/24. There are several hosts within the DMZ
>> (10.1.1.20, 10.1.1.21, 10.1.1.22 etc).
>>
>> Now what I want to do is reference a DMZ host (say 10.1.1.20) using an
>> inside network IP address (10.156.1.40 say) - so that an internally
>> connected PC can ping the DMZ host using the 10.156.1.40 address.
>>
>> I've issued the command "static (inside, outside) 10.156.1.40 10.1.1.20"
>>
>> Then ACLed to allow "icmp any" to the DMZ host (10.156.1.40). However,
>> its
>> not working? Can anyone give me any pointers to what is wrong here?
>>
>> Any help greatly appreciated!
>>
>> Thanks
>> -D
>>
>>
>>

>
>



 
Reply With Quote
 
mcaissie
Guest
Posts: n/a
 
      02-17-2006
can you post your config

-nat - global - static - acl - and access-group


"The_Stradz" <(E-Mail Removed)> wrote in message
news:dt3tjh$dkr$(E-Mail Removed)-infra.bt.com...
> OK - done that..... still no joy.... pinging 10.156.1.40 doesn't
> work..... anything else that I'm missing?
>
> "mcaissie" <(E-Mail Removed)> wrote in message
> news:GU6Jf.4470$n67.2670@edtnps89...
>> You have to do " static (outside,inside)" and not "static
>> (inside,outside)"
>>
>> since you want to mask an outside IP to the inside , and not mask an
>> inside IP to the outside.
>>
>> static (outside,inside) 10.156.1.40 10.1.1.20 netmask 255.255.255.255 0 0
>>
>>
>>
>>
>>
>> In your environment
>> "The_Stradz" <(E-Mail Removed)> wrote in message
>> news:dt2oml$kj2$(E-Mail Removed)-infra.bt.com...
>>> All,
>>>
>>> Wonder if someone can point me in the right direction...? I have a PIX
>>> 515E
>>> that I'm using as an internal firewall in a classic internet | firewall
>>> |
>>> dmz | firewall | internal LAN config.
>>>
>>> the inside (internal lan) interface address is 10.156.1.1/24 and the
>>> outside
>>> (dmz) address is 10.1.1.254/24. There are several hosts within the DMZ
>>> (10.1.1.20, 10.1.1.21, 10.1.1.22 etc).
>>>
>>> Now what I want to do is reference a DMZ host (say 10.1.1.20) using an
>>> inside network IP address (10.156.1.40 say) - so that an internally
>>> connected PC can ping the DMZ host using the 10.156.1.40 address.
>>>
>>> I've issued the command "static (inside, outside) 10.156.1.40 10.1.1.20"
>>>
>>> Then ACLed to allow "icmp any" to the DMZ host (10.156.1.40). However,
>>> its
>>> not working? Can anyone give me any pointers to what is wrong here?
>>>
>>> Any help greatly appreciated!
>>>
>>> Thanks
>>> -D
>>>
>>>
>>>

>>
>>

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cisco!! Cisco!! Cisco!! The Doctor Cisco 0 01-31-2010 01:24 PM
Business VoIP Solutions Using Cisco Gateways, Cisco Call Agent, And Cisco IP Phones FreedomFireCom VOIP 0 10-03-2007 12:06 AM
Discussion about segregating bandwidth with Cisco 7513, Cisco 3750 and Cisco 3640 iskandar@measat.com Cisco 1 06-18-2006 06:30 PM
Cisco 1750 Router Cisco QoS Device Manager Cisco VPN Device Manager Rene Kuhn Cisco 0 12-28-2005 08:45 PM



Advertisments