[c-nsp] problem creating a static on Pix
Scott Granados
gsgranados at comcast.net
Thu Jul 30 18:50:04 EDT 2009
Cool, this really helps.
I also have an acl applied to the inside interface. Would I have to add the
inside IP to that ACL as well, is this a bidirectional arrangement?
Thank you again
----- Original Message -----
From: "Michael K. Smith - Adhost" <mksmith at adhost.com>
To: "Scott Granados" <gsgranados at comcast.net>; <cisco-nsp at puck.nether.net>
Sent: Thursday, July 30, 2009 3:35 PM
Subject: RE: [c-nsp] problem creating a static on Pix
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Scott Granados
> Sent: Thursday, July 30, 2009 3:19 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] problem creating a static on Pix
>
> Hi, I'm having the following issue.
>
> Background
>
> I have two networks one public 206.x.x.77/27 and internal
> 10.18.x.253/27. I
> wish to open port 80 to the world and allow web traffic.
>
> I've added the following static line.
>
> static (inside,outside) tcp 206.x.x.77 80 10.18.x.253 80 netmask
> 255.255.255.255 0 0
>
> I have added the following to my ACL
>
> access-list acl-outside permit ip any host 10.18.x.253 eq 80
> (the first line in sequence)
>
Your outside ACL should reference your outside IP, not the inside.
Access-list acl-outside permit ip any host 206.x.x.77 eqw 80
Regards,
Mike
More information about the cisco-nsp
mailing list