1. Home
  2. Cisco Systems
  3. PIX 501 and PAT going to wrong host

PIX 501 and PAT going to wrong host

Hi all,

I have a PIX 501 w 6.3(4) working properly, except for a small PAT problem. I am trying replicate PAT that works on a router and my PAT entries appear to be working more like static IP mappings rather than port mappings. The traffic coming into 22.333.34.99 is being directed to the same internal address (192.168.0.1) regardless of the incoming port. Any help is greatly appreciated.

Don't know if it really matters, but external IP's are fake (obviously).

name 192.168.0.1 Server01 access-list 100 permit icmp any any echo-reply access-list 100 permit icmp any any time-exceeded access-list 100 permit icmp any any unreachable access-list 100 permit tcp any host 22.333.34.99 eq smtp access-list 100 permit tcp any host 22.333.34.99 eq 4899 access-list 100 permit tcp any host 22.333.34.99 eq 3389 access-list 100 permit tcp any host 22.333.34.99 eq telnet access-list 100 permit tcp any host 22.333.34.99 eq www access-list 100 permit tcp any host 22.333.34.99 eq https access-list 100 permit tcp any host 22.333.34.100 eq 4899 access-list 100 permit tcp any host 22.333.34.100 eq 5023 access-list inside_outbound_nat0_acl permit ip any 192.168.0.224 255.255.255.240 access-list outside_cryptomap_dyn_20 permit ip any 192.168.0.224 255.255.255.240 pager lines 24 logging on logging buffered errors mtu outside 1500 mtu inside 1500 ip address outside 22.333.34.98 255.255.255.248 ip address inside 192.168.0.254 255.255.255.0 ip audit info action alarm ip audit attack action alarm ip local pool vpnpool1 192.168.0.224-192.168.0.239 arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_outbound_nat0_acl nat (inside) 1 0.0.0.0 0.0.0.0 0 0 static (inside,outside) tcp 22.333.34.99 smtp Server01 smtp netmask

255.255.255.255 0 0 static (inside,outside) tcp 22.333.34.99 telnet Server01 telnet netmask 255.255.255.255 0 0 static (inside,outside) tcp 22.333.34.99 www Server01 www netmask 255.255.255.255 0 0 static (inside,outside) tcp 22.333.34.99 https Server01 https netmask 255.255.255.255 0 0 static (inside,outside) tcp 22.333.34.99 3389 192.168.0.2 3389 netmask 255.255.255.255 0 0
Reply to
Concerned Citizen
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.