static mapping issue pix 506

Discussion in 'Cisco' started by merlin_666, Oct 4, 2007.

  1. merlin_666

    merlin_666

    Joined:
    Oct 4, 2007
    Messages:
    1
    Likes Received:
    0
    I have a 5 block range of ip's that our isp has given us. We use pat on the pix external address and use a static for the second ip in the range and both work fine. When I try to add a third static it doesn't work. No matter how I configure it I never get traffic out the third ip, or forth, or fifth for that matter. However if I use a static ip connected directly to our DSL modem they work fine

    Any suggestions. Pix config below but ip's changed.

    interface ethernet1 10baset
    interface ethernet1 vlan3 physical
    interface ethernet1 vlan4 logical
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif vlan4 DMZ security50
    ---
    access-list inside_access_in permit ip any any
    access-list outside_access_in permit tcp any host x.x.x.179 eq pop3
    access-list outside_access_in permit tcp any host x.x.x.180 eq www
    access-list outside_access_in permit tcp any host x.x.x.180 eq https
    access-list outside_access_in permit tcp any host x.x.x.180 eq 5635
    access-list outside_access_in permit tcp any host x.x.x.180 eq 5636
    access-list outside_access_in permit tcp any host x.x.x.180 eq 5633
    access-list outside_access_in permit tcp any host x.x.x.180 eq 5634
    access-list outside_access_in permit tcp any host x.x.x.180 eq 5637
    access-list outside_access_in permit tcp any host x.x.x.180 eq 5638
    access-list outside_access_in permit tcp any host x.x.x.180 eq 5641
    access-list outside_access_in permit tcp any host x.x.x.180 eq 5642
    access-list outside_access_in permit tcp any host x.x.x.180 eq 5643
    access-list outside_access_in permit tcp any host x.x.x.180 eq 5644
    access-list outside_access_in permit tcp any host x.x.x.180 eq pcanywhere-data
    access-list outside_access_in permit tcp any host x.x.x.180 eq 5632
    access-list outside_access_in permit tcp any host x.x.x.179 eq 3100
    access-list outside_access_in permit tcp any host x.x.x.179 eq 995
    access-list outside_access_in permit tcp any host x.x.x.179 eq 465
    access-list outside_access_in permit tcp any host x.x.x.179 eq smtp
    access-list outside_access_in permit tcp any host x.x.x.180 eq 5621
    access-list outside_access_in permit tcp any host x.x.x.180 eq 5622
    access-list outside_access_in permit tcp any host x.x.x.179 eq imap4
    access-list outside_access_in permit tcp any host x.x.x.179 eq 993
    access-list outside_access_in permit tcp any host x.x.x.180 eq 5651
    access-list outside_access_in permit tcp any host x.x.x.180 eq 5652
    access-list outside_access_in permit tcp any host x.x.x.180 eq 5657
    access-list outside_access_in permit tcp any host x.x.x.180 eq 5658
    access-list outside_access_in permit tcp any host x.x.x.180 eq 8021
    access-list outside_access_in permit tcp any host x.x.x.180 eq ftp
    access-list outside_access_in permit tcp any host x.x.x.179 eq https
    access-list outside_access_in permit tcp any host x.x.x.179 eq 1000
    access-list outside_access_in permit tcp any host x.x.x.179 eq 5950
    access-list outside_access_in permit tcp any host x.x.x.180 eq 5661
    access-list outside_access_in permit tcp any host x.x.x.180 eq 5662
    access-list dmz_access_in permit ip any any
    ----
    ip address outside x.x.x.178 255.255.255.0
    ip address inside 192.168.1.1 255.255.255.0
    ip address DMZ 172.18.232.1 255.255.255.0
    -----
    global (outside) 1 interface
    nat (inside) 1 192.168.1.0 255.255.255.0 0 0
    nat (DMZ) 1 172.18.232.0 255.255.255.0 0 0
    static (inside,outside) tcp x.x.x.180 www serverip www netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 https serverip https netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 5635 serverip pcanywhere-data netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 5636 serverip 5632 netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 5633 serverip 5633 netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 5634 serverip 5634 netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 5637 serverip pcanywhere-data netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 5638 serverip 5632 netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 5641 192.168.1.84 pcanywhere-data netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 5642 192.168.1.84 5632 netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 5621 serverip pcanywhere-data netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 5622 serverip 5632 netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 5651 serverip pcanywhere-data netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 5652 serverip 5632 netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 5657 serverip pcanywhere-data netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 5658 serverip 5632 netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 8021 serveripip 8021 netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 ftp serverip ftp netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 5643 serveripip pcanywhere-data netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 5644 serverip 5632 netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 pcanywhere-data serverip pcanywhere-data netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 5632 serverip 5632 netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 5661 serverip pcanywhere-data netmask 255.255.255.255 0 0
    static (inside,outside) tcp x.x.x.180 5662 serverip 5632 netmask 255.255.255.255 0 0
    static (inside,outside) x.x.x.179 serverip netmask 255.255.255.255 0 0
    static (inside,outside) x.x.x.181 192.168.1.6 netmask 255.255.255.255 0 0
    access-group outside_access_in in interface outside
    access-group inside_access_in in interface inside
    access-group dmz_access_in in interface DMZ
    route outside 0.0.0.0 0.0.0.0 x.x.x.1 1

    Thanks,
    Mike
     
    merlin_666, Oct 4, 2007
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.