NAT issue in PIX
17 years 1 month ago #23631
by Dove
Dove
Replied by Dove on topic Re: NAT issue in PIX
I strongly believe it's not a gateway issue... because they are accessing the NATed IP through the WAN link... moreover, from the same machine the user can access another NATed IP which is in the same subnet, as I mentioned in my earlier post.
Dove
17 years 1 month ago #23636
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: NAT issue in PIX
Sorry Dove, but I don't understand your post.
"because they are accessing the NATed IP through WAN link..."
What do you mean access the NATed IP through WAN link?
"the same machine user can access another NATed IP which are in the same subnet"
Another NATed address in the same subnet?
--
So, one static NAT translation to another server in the same subnet as the one that doesn't work is working OK?
Can you provide a drawing of your environment with the pasted config (without passwords, and mask the IP addresses)? I am guessing the problem still exists?
Cheers
17 years 1 month ago #23645
by pfunix
Replied by pfunix on topic Re: NAT issue in PIX
Hi, hope this would help you out.
access-list 110 extended permit icmp any any echo-reply
access-list 110 extended permit icmp any any time-exceeded
access-list 110 extended permit icmp any any unreachable
global (outside) 10 interface
nat (inside) 10 <IP-RANGE> <SUBNETMASK>
access-group 110 in interface outside
This will give you basic NAT from the inside interface to the outside. This is a full NAT setup, so all traffic passing through the inside interface gets translated (TCP, UDP, ICMP, etc.) and will get through. If you are concerned about ICMP on the outside interface you can always do the following.
icmp deny any outside
Good luck.
-pf
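A way to sanity-check a config like the one in the post above, as an added example that is not part of the thread or any poster's code: it pairs each nat statement with the global statement sharing its ID (10 in the post) and lists the ICMP types the ACL bound inbound on an interface permits. The inside range, the "dmz" line and the function name audit are constructed for illustration.

```python
import re

# Constructed sample: the post's lines with an assumed inside range filled in,
# plus one constructed "dmz" nat line that has no matching global.
SAMPLE = """\
access-list 110 extended permit icmp any any echo-reply
access-list 110 extended permit icmp any any time-exceeded
access-list 110 extended permit icmp any any unreachable
global (outside) 10 interface
nat (inside) 10 192.168.1.0 255.255.255.0
nat (dmz) 20 172.16.0.0 255.255.0.0
access-group 110 in interface outside
"""

NAT = re.compile(r"nat \((\S+)\) (\d+) (\S+) (\S+)")
GLOBAL = re.compile(r"global \((\S+)\) (\d+) (\S+)")
ACL_ICMP = re.compile(r"access-list (\S+) (?:extended )?permit icmp any any (\S+)")
GROUP = re.compile(r"access-group (\S+) in interface (\S+)")


def audit(config):
    """Pair nat/global statements by ID and list ICMP types allowed inbound."""
    nats, pools, acls, bound = [], {}, {}, {}
    for line in (raw.strip() for raw in config.splitlines()):
        if m := NAT.match(line):
            nats.append(m.groups())
        elif m := GLOBAL.match(line):
            pools.setdefault(m[2], []).append((m[1], m[3]))
        elif m := ACL_ICMP.match(line):
            acls.setdefault(m[1], []).append(m[2])
        elif m := GROUP.match(line):
            bound[m[2]] = m[1]
    report = {"translated": [], "unmatched_nat": [], "inbound_icmp": {}}
    for ifc, nat_id, net, mask in nats:
        if nat_id == "0":          # nat 0 means "do not translate"; no global needed
            continue
        if nat_id not in pools:    # no global with this ID: nothing to translate to
            report["unmatched_nat"].append((ifc, nat_id))
        for out_ifc, pool in pools.get(nat_id, []):
            report["translated"].append((ifc, net, mask, out_ifc, pool))
    for ifc, acl in bound.items():
        report["inbound_icmp"][ifc] = acls.get(acl, [])
    return report


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```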
17 years 1 month ago #23646
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: NAT issue in PIX
At this point I agree with Smurf, a diagram with some configuration will greatly help us get an idea how your setup is and make the necessary recommendations.
Cheers,