PIX static syntax change?

I was playing around on an ASA 5510 using the ASDM, which wrote:

static (dmz,outside) 40.1.1.4 40.1.1.4 netmask 255.255.255.255

This takes me by surprise, as it's not in keeping with the syntax I learned for the PIX, and indeed when I tried to write more PIX-like statics via telnet they were refused -

Reply to
Barrett Bonden

In article , Barrett Bonden wrote:
:I was playing around on an ASA 5510

Cool, I'd never even heard of one of those before!

:using the ASDM, which wrote:
:static (dmz,outside) 40.1.1.4 40.1.1.4 netmask 255.255.255.255

:This takes me by surprise, as it's not in keeping with the syntax I learned
:for the PIX,

I don't know when you learned, but that syntax has been valid on the PIX since at least PIX 5.2, perhaps earlier.

Note that the usual trailing 0 0 are optional in the syntax.

:and indeed when I tried to write more PIX-like statics via
:telnet they were refused -

What exactly did you try?


Reply to
Walter Roberson

Walter, it was something like

static (inside,outside) tcp interface 192.168.0.22 80

or

static (dmz,outside) tcp interface 40.1.1.4

and the PIX challenged me at the 40.

I must add here that it's been a year since I did any PIX work, and that, once again, I find it all very obscure and non-intuitive, but I thought I had a clear sense of statics.... I can't yet make any sense out of what I posted below. (static (dmz,outside) 40.1.1.4 40.1.1.4 netmask 255.255.255.255)

I started to play with the newer ASA and then backed off. I still can't get any SSH client (0 for 3) to connect to the old PIX.... and you'll see in a future post I'm having trouble opening up a hole into a new server behind the wall with a static/access list combo... at least I'm learning how to use Kiwi and syslog.... why the *&(& didn't Cisco emphasise the need for "TRAP" in their docs? Many thanks for any pointers.


Reply to
Barrett Bonden

In article , Barrett Bonden wrote:
:it was something like

:static (inside,outside) tcp interface 192.168.0.22 80
:or
:static (dmz,outside) tcp interface 40.1.1.4
:and the PIX challenged me at the 40.

That's a newer form, supported only from 6.2, and the format is

static (inside, outside) tcp OUTERIP OUTERPORT INNERIP INNERPORT
static (inside, outside) udp OUTERIP OUTERPORT INNERIP INNERPORT

and that form forwards -only- the given port.

The format

static (inside, outside) OUTERIP INNERIP netmask 255.255.255.255

forwards -all- ports for the IP address, and is still completely valid.

If someone sends a packet to the outside interface addressed to 40.1.1.4 then (outside ACL permitting) the packet will be forwarded to IP address 40.1.1.4 on the DMZ, with the port number unchanged.

If someone sends a packet out of the dmz interface with a source address of 40.1.1.4 then (dmz ACL permitting) the packet will be forwarded out the outside interface with a source IP address of 40.1.1.4, with the port number unchanged.

Reply to
Walter Roberson
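The two static forms Walter describes, written out together with the outside access-list that each one depends on. This is an added example, not configuration posted by either participant; it is written in PIX 6.3 syntax, and the same static and access-list lines are accepted by ASA software before 8.3. The ACL name outside_in and the outside interface address 40.1.1.1 are assumed for illustration; 40.1.1.4 and 192.168.0.22 are the addresses from the thread. The second static also shows where the earlier attempts went wrong: with the tcp/udp form the PIX expects OUTERPORT directly after the outer address (or after "interface"), so "tcp interface 40.1.1.4" fails at the 40 because that token is not a port.

```text
! Full-IP (identity) static: every port on 40.1.1.4 is translated, so the
! outside ACL alone decides which ports are reachable from the outside.
static (dmz,outside) 40.1.1.4 40.1.1.4 netmask 255.255.255.255

! Port static (6.2 and later): OUTERIP OUTERPORT INNERIP INNERPORT.
! "interface" stands for the outside interface address; only tcp/80 is
! translated, whatever the ACL says.
static (inside,outside) tcp interface 80 192.168.0.22 80 netmask 255.255.255.255

! Outside ACL, written against the outside (mapped) addresses.
! 40.1.1.1 is the assumed outside interface address used by "interface" above.
access-list outside_in permit tcp any host 40.1.1.4 eq 80
access-list outside_in permit tcp any host 40.1.1.1 eq 80
access-group outside_in in interface outside
```

The security point is the first comment: with the full-IP form, a careless "permit ip any host 40.1.1.4" in outside_in exposes every listening service on the DMZ host, whereas the port static caps exposure at one port before the ACL is even consulted. Use the full-IP form when the host genuinely needs many ports, and keep the ACL to the exact ports either way.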
