Firewall Wizards mailing list archives

RE: No connection once the translation rules are applied
From: "Melson, Paul" <PMelson () sequoianet com>
Date: Thu, 11 Dec 2003 09:26:59 -0500

Any time you change NAT rules on a PIX, your first troubleshooting step 
should always be to run 'clear xlate'.

If the IP address doesn't change, why perform static NAT for it?  Instead
of the static, try:

nat (outside) 0 192.168.1.10 255.255.255.255

With other types of connections, you might be able to perform static
PAT via the outside interface, but I'm not sure that the PIX supports
GRE in that configuration.

Also, it looks like you're missing a source 'any' in the permit tcp rule
below.  Good luck!

PaulM


-----Original Message-----
I have a 501 v. 6.3(1). I am attempting to establish a PPTP VPN server 
(192.168.1.10) behind the firewall. I lose Internet connectivity once I apply 
the translation rules. I do not have an electronic copy available, but here is 
a quick synopsis of the pertinent entries.


fixup protocol pptp 1723
access-list outside_access_in permit gre any host 192.168.1.10
access-list outside_access_in permit tcp eq pptp host 192.168.1.10 eq pptp
access-list outside_access_in permit icmp any any echo-reply
ip address outside xxx.xxx.xxx.xxx 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0
static (inside,outside) 192.168.1.10 192.168.1.10 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside

What am I missing here?
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
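
The missing source address that the reply points out in the permit tcp rule is the kind of error a small offline check can catch before a configuration is applied. The following is an added example, not part of the original thread or of any Cisco tool: it assumes a simplified PIX 6.x access-list grammar (action, protocol, source, optional port qualifier for tcp/udp, destination), and the function names are hypothetical.

```python
import ipaddress

PORT_OPS = {"eq", "lt", "gt", "neq"}   # one operand each; "range" takes two

def is_ip(tok):
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ValueError:
        return False

def take_addr(t, i):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D MASK'; return next index or None."""
    if i < len(t) and t[i] == "any":
        return i + 1
    if i + 1 < len(t) and ((t[i] == "host" and is_ip(t[i + 1])) or
                           (is_ip(t[i]) and is_ip(t[i + 1]))):
        return i + 2
    return None

def take_port(t, i):
    """Consume an optional port qualifier; return the index after it."""
    if i + 1 < len(t) and t[i] in PORT_OPS:
        return i + 2
    if i + 2 < len(t) and t[i] == "range":
        return i + 3
    return i

def check_ace(line):
    """Return None if the entry parses, else a description of the problem."""
    t = line.split()
    if len(t) < 4 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        return "not an access-list permit/deny entry"
    i = take_addr(t, 4)
    if i is None:
        return "missing or invalid source address"
    if t[3] in ("tcp", "udp"):          # only tcp/udp carry a source port qualifier
        i = take_port(t, i)
    if take_addr(t, i) is None:
        return "missing or invalid destination address"
    return None

def lint(config):
    """Return (line, problem) for every access-list entry that fails to parse."""
    return [(l, p) for l in config.splitlines()
            if l.startswith("access-list ") and (p := check_ace(l))]

# The three access-list lines as posted in the original message
POSTED = """access-list outside_access_in permit gre any host 192.168.1.10
access-list outside_access_in permit tcp eq pptp host 192.168.1.10 eq pptp
access-list outside_access_in permit icmp any any echo-reply"""

if __name__ == "__main__":
    for line, problem in lint(POSTED):
        print(f"{problem}: {line}")
```

Run against the posted lines, only the permit tcp entry is flagged; the same entry with `any` inserted after `tcp` parses cleanly.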

