[c-nsp] problem creating a static on Pix

Michael K. Smith - Adhost mksmith at adhost.com
Thu Jul 30 18:35:46 EDT 2009



> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Scott Granados
> Sent: Thursday, July 30, 2009 3:19 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] problem creating a static on Pix
> 
> Hi, I'm having the following issue.
> 
> Background
> 
> I have two networks one public 206.x.x.77/27 and internal
> 10.18.x.253/27.  I
> wish to open port 80 to the world and allow web traffic.
> 
> I've added the following static line.
> 
> static (inside,outside) tcp 206.x.x.77 80 10.18.x.253 80 netmask
> 255.255.255.255 0 0
> 
> I have added the following to my ACL
> 
> access-list acl-outside permit ip any host 10.18.x.253 eq 80
> (the first line in sequence)
> 

Your outside ACL should reference your outside IP, not the inside.

Access-list acl-outside permit ip any host 206.x.x.77 eqw 80

Regards,

Mike


More information about the cisco-nsp mailing list