[nsp] NAT translations in IOS 12.2 on pix 515
Voll, Scott
Scott.Voll at wesd.org
Tue Jan 13 10:18:27 EST 2004
Sorry the ACL was wrong. Going too fast too early in the morning. :-)
access-list test permit tcp any host x.x.x.x eq smtp
access-list test deny ip any host x.x.x.x
Scott
-----Original Message-----
From: Voll, Scott
Sent: Tuesday, January 13, 2004 7:14 AM
To: daryl at introspect.net; cisco-nsp at puck.nether.net
Subject: RE: [nsp] NAT translations in IOS 12.2 on pix 515
The static nat would look something like this:
static (INSIDE,OUTSIDE) x.x.x.x 10.1.8.x netmask 255.255.255.255 0 0
Then you will use your ACL to only allow SMTP
access-list test permit udp any host x.x.x.x eq snmp
access-list test deny any host x.x.x.x
access-group test in interface OUTSIDE
Like daryl said you need the PDM for the web, but I have never used it.
Scott
-----Original Message-----
From: daryl at introspect.net [mailto:daryl at introspect.net]
Sent: Monday, January 12, 2004 6:53 PM
To: cisco-nsp at puck.nether.net
Subject: RE: [nsp] NAT translations in IOS 12.2 on pix 515
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of kanee
> Sent: Monday, January 12, 2004 9:20 PM
> To: cisco-nsp at puck.nether.net
> Subject: [nsp] NAT translations in IOS 12.2 on pix 515
>
>
> Guys,
>
> Can I configure a NAT statement on a pix 515 Version 6.2 IOS
> via its web interface? How do I enable web server on a pix 515?
Absolutely...but you don't really "enable" the web interface like you do
with an IOS router....you need to have PDM installed. 3.0(1) is the
current version, I believe (that will work with 6.2). Then you just
https://<inside_address_of_pix> and it should work, providing you have
the appropriate "http <address> <netmask> inside" (or outside if you're
not too security conscious) in place.
> I want smtp traffic coming on x.x.x.x IP to be nat'd to a
> 10.1.8.x address. What is the correct syntax for this NAT statement?
I can't remember off the top of my head, because I'm lazy and always use
PDM now. Give it a try...
Daryl G. Jurbala
BMPC Network Operations
Tel: +1 215 825 8401 x235
Fax: +1 508 526 8500
INOC-DBA: 26412*DGJ
PGP Key: http://www.introspect.net/pgp
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
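Added example, not part of the original thread: a small first-match checker that runs the ACL as first posted and the corrected ACL against SMTP (tcp/25) and SNMP (udp/161) to show what each one actually admits to the statically mapped host. The address 192.0.2.10 is a constructed stand-in for the masked x.x.x.x, the function names are hypothetical, and the parser covers only the entry forms that appear in this thread, not the full PIX grammar.

```python
# Added example: first-match check of PIX-style access-list entries.
# 192.0.2.10 is a constructed stand-in for the thread's masked x.x.x.x.
PORTS = {"smtp": 25, "snmp": 161}  # only the port names the thread uses

FIRST_POSTED = [
    "access-list test permit udp any host 192.0.2.10 eq snmp",
    "access-list test deny any host 192.0.2.10",
]
CORRECTED = [
    "access-list test permit tcp any host 192.0.2.10 eq smtp",
    "access-list test deny ip any host 192.0.2.10",
]

def parse_ace(line):
    """Parse 'access-list NAME permit|deny PROTO any host IP [eq PORT]'."""
    t = line.split()
    ok = (len(t) in (7, 9) and t[0] == "access-list"
          and t[2] in ("permit", "deny") and t[3] in ("ip", "tcp", "udp")
          and t[4:6] == ["any", "host"])
    if ok and len(t) == 9:
        ok = t[7] == "eq" and t[3] != "ip" and (t[8] in PORTS or t[8].isdigit())
    if not ok:
        raise ValueError("unsupported or malformed entry: " + line)
    port = None
    if len(t) == 9:
        port = PORTS[t[8]] if t[8] in PORTS else int(t[8])
    return {"action": t[2], "proto": t[3], "dst": t[6], "port": port}

def load(lines):
    """Return (entries, rejected): parsed entries and the lines refused."""
    entries, rejected = [], []
    for line in lines:
        try:
            entries.append(parse_ace(line))
        except ValueError:
            rejected.append(line)
    return entries, rejected

def decide(entries, proto, dst, port):
    """First matching entry wins; no match falls to the implicit deny."""
    for e in entries:
        if e["dst"] == dst and e["proto"] in ("ip", proto) \
                and e["port"] in (None, port):
            return e["action"]
    return "deny"

if __name__ == "__main__":
    for name, acl in (("first posted", FIRST_POSTED), ("corrected", CORRECTED)):
        entries, rejected = load(acl)
        print(name, "tcp/25:", decide(entries, "tcp", "192.0.2.10", 25),
              "udp/161:", decide(entries, "udp", "192.0.2.10", 161),
              "rejected:", rejected)
```

Running the same two probes after any ACL edit is a quick way to confirm that only the intended service is reachable through the static mapping.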