[c-nsp] PIX firewall problem
Mohammad khalil
mkhalil at batelco.jo
Mon Sep 24 02:39:59 EDT 2007
Yes, I made clear xlate local 172.16.1.88 directly, and the same issue
Mohammad Khalil
Core Network Engineer
Batelco Jordan
P.O Box 811912
Amman 11181 Jordan
Tel: +962-6-5510101
Fax: +962-6-5510102
Email: mkhalil at batelco.jo
Mobile: +962-7-85004448
www.batelco.jo
-----Original Message-----
From: Chitre, Salil [mailto:ChitreS at dnb.com.au]
Sent: Monday, September 24, 2007 9:32 AM
To: Mohammad khalil
Cc: cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] PIX firewall problem
Hi,
After adding the static entry did you clear the xla
Cl xla local 172.16.1.88
That will cause the translation to take effect immediately.
Thanks
Salil
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Mohammad khalil
Sent: Monday, 24 September 2007 4:30 PM
To: Ahmad Al-Dosari
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] PIX firewall problem
access-list CSM-acl-DMZ-slot:2-V2 permit ip host 172.16.1.88 any
static (DMZ-slot:2,outside) x.x.x.88 172.16.1.88 netmask 255.255.255.255 0 0
Even if you opened everything from outside through an access-list, it
didn't work, and issuing show xlate produces:
Global 172.16.1.88 Local 172.16.1.88
Which should be
Global x.x.x.88 Local 172.16.1.88
After maybe 15 min it worked and everything was OK!!
________________________________
From: Ahmad Al-Dosari [mailto:adosari at gmail.com]
Sent: Monday, September 24, 2007 12:16 AM
To: Mohammad khalil
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] PIX firewall problem
Paste your configuration here...
On 9/23/07, Mohammad khalil <mkhalil at batelco.jo> wrote:
We have a 525 PIX firewall. The problem we are facing is that we have a DMZ
that we use for servers; when we configure a private IP address with an
access list and static mapping with real IP address, the global address
appears as the local one, which is incorrect. I made xlate for both the
local and global addresses and after maybe 15 min it worked by itself.
Can anyone help in this?
Mohammad Khalil
Core Network Engineer
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/