[c-nsp] PIX IP Aliasing

Sat Oct 9 08:12:55 EDT 2004

Just permit it in an access-list or a conduit, the static does not allow
trafic it only makes the "connection".

Static (inside,outside) y.y.y.y x.x.x.x netmask 255.255.255.255 0 0
access-list inbound permit gre any host y.y.y.y  
access-group inbound in interface outside

Nicolaj

-----Original Message-----
From: Rey Martin [mailto:rey.martin at qalacom.com] 
Sent: 9. oktober 2004 06:03
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] PIX IP Aliasing

sorry for the confusion, Im trying to configure PAT to translate GRE.
I could do it easily for tcp/udp, but it seems the function is not
available for other protocol (such as gre, protocol 47)?

rey

----- Original Message ----- 
From: "Nicolaj Ottsen" <no at webpartner.dk>
To: "Nicolaj Ottsen" <no at webpartner.dk>; "Rey Martin" 
<rey.martin at qalacom.com>; <cisco-nsp at puck.nether.net>
Sent: Saturday, October 09, 2004 7:29 AM
Subject: RE: [c-nsp] PIX IP Aliasing

> Sorry, wrong syntax, leave out the "ip" in the static command.
>
> /Nicolaj
>
> -----Original Message-----
> From: Nicolaj Ottsen
> Sent: 9. oktober 2004 01:17
> To: Rey Martin; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] PIX IP Aliasing
>
> Like IP ?
>
> Just do ...
>
> Static (X,Y) ip y.y.y.y x.x.x.x netmask 255.255.255.255 0 0
>
> Nicolaj
>
> -----Original Message-----
> From: Rey Martin [mailto:rey.martin at qalacom.com]
> Sent: 8. oktober 2004 22:45
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] PIX IP Aliasing
>
> just a quick question, is there any way to translate another protocol
> besides tcp/udp?
> it seems that the 'static' command only support tcp and udp
translation.
>
>
> rey
> ----- Original Message -----
> From: <rwcrowe at comcast.net>
> To: "Paul Stewart" <pauls at nexicom.net>; <cisco-nsp at puck.nether.net>
> Sent: Wednesday, October 06, 2004 12:37 AM
> Subject: Re: [c-nsp] PIX IP Aliasing
>
>
>> Unless I'm unclear on your requirements, you don't really need a
> secondary
>> interface, just a free public IP address from your external pool.
>>
>> To translate tcp port 80:
>>
>> static (inside,outside) tcp x.x.x.x 80 y.y.y.y 80
>>
>> To translate udp port 53:
>>
>> static (inside,outside) udp x.x.x.x 53 y.y.y.y 53
>>
>> You can translate either tcp or udp and any port.
>> Where x.x.x.x is a free public IP address and y.y.y.y is the IP
> address of
>> the internal host.
>>
>> --
>> Rob Crowe
>> rwcrowe at comcast.net
>>
>>
>>> We have a 515E PIX... I'm trying to add a secondary interface to the
>>> Outside.  This is so I can setup port translations to map to an
> internal
>>> box (two ports).
>>>
>>> I've done this using the interface IP before and it worked but I'd
> like
>>> this to be done a secondary IP on the same interface.. can this be
> done?
>>>
>>> Thanks,
>>>
>>> Paul
>>>
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/ 

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/