[c-nsp] problem creating a static on Pix
Scott Granados
gsgranados at comcast.net
Thu Jul 30 18:18:37 EDT 2009
Hi, I'm having the following issue.
Background
I have two networks, one public 206.x.x.77/27 and one internal 10.18.x.253/27. I
wish to open port 80 to the world and allow web traffic.
I've added the following static line.
static (inside,outside) tcp 206.x.x.77 80 10.18.x.253 80 netmask 255.255.255.255 0 0
I have added the following to my ACL
access-list acl-outside permit ip any host 10.18.x.253 eq 80
(the first line in sequence)
Finally, I apply the acl as follows
access-group acl-outside in interface outside
I've confirmed that the device is listening on 80 and accepting connections
and I've confirmed that the device can route out to the internet by pinging
some distant network addresses. My issue is I can't initiate a connection
from the outside in. Telnet to 206.x.x.77 80 yields "no route to host" from
a Linux box out in the field. I tried to execute a telnet from the router
on 206.x.x.65 (the gateway to the outside network) to 206.x.x.77 80 and it
simply hangs. (testing connectivity on the same segment) What have I
missed?
This feels like it should be something obvious but I've been pulling my hair
out (what's left) and no lights are going on. Any pointers would be
appreciated.
Thanks
Scott