[nsp] NAT translations in IOS 12.2 on pix 515
Hudson Delbert J Contr 61 CS/SCBN
Delbert.Hudson at LOSANGELES.AF.MIL
Tue Jan 13 11:46:22 EST 2004
excuse me for being an old router head but don't cisco acls implicitly deny
everything not explicitly annotated?
the first line would be enough.
simplicity is bliss.
economy of motion.
i like to let machines do the work.
i'd write the deny statement to log at the bottom or it's just a habit to
remind you it's there.
don't flame. it's not a big deal. it's just the only thing my feeble eyes saw.
sorry if it seems trivial. it is. hope everyone had a great holiday season.
glad it's over.
bummer. starbucks was out of scones. go figure.
~v/r
Del Hudson
61CS/SCBN - LAAFB NCC
Network Architecture & Engineering Group
delbert.hudson at losangeles.af.mil
-----Original Message-----
From: Voll, Scott [mailto:Scott.Voll at wesd.org]
Sent: Tuesday, January 13, 2004 7:18 AM
To: Voll, Scott; daryl at introspect.net; cisco-nsp at puck.nether.net
Subject: RE: [nsp] NAT translations in IOS 12.2 on pix 515
Sorry, the ACL was wrong. Going too fast too early in the morning. :-)
access-list test permit tcp any host x.x.x.x eq smtp
access-list test deny ip any host x.x.x.x
Scott
-----Original Message-----
From: Voll, Scott
Sent: Tuesday, January 13, 2004 7:14 AM
To: daryl at introspect.net; cisco-nsp at puck.nether.net
Subject: RE: [nsp] NAT translations in IOS 12.2 on pix 515
The static nat would look something like this:
static (INSIDE,OUTSIDE) x.x.x.x 10.1.8.x netmask 255.255.255.255 0 0
Then you will use your ACL to only allow SMTP
access-list test permit udp any host x.x.x.x eq snmp
access-list test deny any host x.x.x.x
access-group test in interface OUTSIDE
Like Daryl said, you need the PDM for the web, but I have never used it.
Scott
-----Original Message-----
From: daryl at introspect.net [mailto:daryl at introspect.net]
Sent: Monday, January 12, 2004 6:53 PM
To: cisco-nsp at puck.nether.net
Subject: RE: [nsp] NAT translations in IOS 12.2 on pix 515
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of kanee
> Sent: Monday, January 12, 2004 9:20 PM
> To: cisco-nsp at puck.nether.net
> Subject: [nsp] NAT translations in IOS 12.2 on pix 515
>
>
> Guys,
>
> Can I configure a NAT statement on a pix 515 Version 6.2 IOS
> via its web interface. How do I enable web server on a pix 515.
Absolutely...but you don't really "enable" the web interface like you do
with an IOS router....you need to have PDM installed. 3.0(1) is the
current version, I believe (that will work with 6.2). Then you just
https://<inside_address_of_pix> and it should work, providing you have
the appropriate "http <address> <netmask> inside" (or outside if you're
not too security conscious) in place.
> I want smtp traffic coming on x.x.x.x IP to be nat'd to a
> 10.1.8.x address. What is the correct syntax for this NAT statement.
I can't remember off the top of my head, because I'm lazy and always use
PDM now. Give it a try...
Daryl G. Jurbala
BMPC Network Operations
Tel: +1 215 825 8401 x235
Fax: +1 508 526 8500
INOC-DBA: 26412*DGJ
PGP Key: http://www.introspect.net/pgp
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
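
Added example, not part of any poster's message: a minimal first-match evaluator for the ACL lines quoted in this thread. It shows that, with the implicit deny, the one-line ACL makes the same permit/deny decisions as the two-line one, and that the first-draft permit line never matches SMTP. The address 192.0.2.10 (standing in for x.x.x.x), the test packets and all function names are constructed for illustration; the parser handles only the line shapes used here.

```python
# First-match ACL evaluation with an implicit deny at the end.
# 192.0.2.10 is a constructed documentation address standing in for x.x.x.x.
PORTS = {"smtp": 25, "snmp": 161}        # named ports that appear in the thread
IMPLICIT_DENY = ("deny", "implicit")     # result when no configured line matches

CORRECTED = """\
access-list test permit tcp any host 192.0.2.10 eq smtp
access-list test deny ip any host 192.0.2.10
"""
FIRST_LINE_ONLY = CORRECTED.splitlines()[0]
FIRST_DRAFT_PERMIT = "access-list test permit udp any host 192.0.2.10 eq snmp"

def parse(text):
    """Parse 'access-list NAME ACTION PROTO any host IP [eq PORT]' lines."""
    rules = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        tok = line.split()
        ok = tok[0] == "access-list" and tok[4:6] == ["any", "host"]
        ok = ok and (len(tok) == 7 or (len(tok) == 9 and tok[7] == "eq"))
        if not ok:
            raise ValueError(f"unsupported ACL line: {line!r}")
        port = (PORTS.get(tok[8]) or int(tok[8])) if len(tok) == 9 else None
        rules.append({"action": tok[2], "proto": tok[3], "dst": tok[6],
                      "port": port, "line": line})
    return rules

def evaluate(rules, proto, dst, port):
    """Return (action, matching line); the first matching line wins."""
    for r in rules:
        if (r["proto"] in ("ip", proto) and r["dst"] == dst
                and r["port"] in (None, port)):
            return r["action"], r["line"]
    return IMPLICIT_DENY

def decisions(acl_text, packets):
    """Permit/deny verdict for each packet under the given ACL text."""
    rules = parse(acl_text)
    return [evaluate(rules, *p)[0] for p in packets]

# Constructed test packets: (protocol, destination address, destination port)
PACKETS = [("tcp", "192.0.2.10", 25), ("tcp", "192.0.2.10", 80),
           ("udp", "192.0.2.10", 161), ("tcp", "192.0.2.11", 25)]

if __name__ == "__main__":
    for name, acl in (("corrected", CORRECTED), ("first line only", FIRST_LINE_ONLY),
                      ("first-draft permit", FIRST_DRAFT_PERMIT)):
        print(f"{name:20s}", decisions(acl, PACKETS))
```

The verdicts for the two-line and one-line ACLs are identical; the only difference is whether a denied packet matched a configured line or fell through to the implicit deny.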