Cisco Pix 506 config

So, a client of ours has a working Cisco pix 506 and all I'd like to do is add one more One to One NAT (there's already 3 in there), and open up 3 tcp ports for that mapping.

But... though I've been able to figure out the line I want to type:

static (inside, outside) 65.x.x.103 172.x.x.179 netmask 255.255.255.255

to get the NAT working, when I type it in I simply get a response to either type "help of ?" - as if my command had bad syntax.

How/where I've entered the command is:

1) Telnet to the firewall and login 2) enable 3) static (inside, outside) 65.x.x.103 172.x.x.179 netmask 255.255.255.255

At this point we receive the "help or ?" response, and nothing is added to the listing when we type "show static" (just the 3 already existing NAT mappings in place).

Anyway, any help here for missing/incorrect steps would be definitely appreciated.

thanks much

Reply to
Roark
Loading thread data ...

In article , Roark wrote: :So, a client of ours has a working Cisco pix 506 and all I'd like to do :is add one more One to One NAT (there's already 3 in there), and open :up 3 tcp ports for that mapping.

A lot of the PIX bretheren hang out in comp.dcom.sys.cisco .

:But... though I've been able to figure out the line I want to type:

:static (inside, outside) 65.x.x.103 172.x.x.179 netmask 255.255.255.255

:to get the NAT working, when I type it in I simply get a response to :either type "help of ?" - as if my command had bad syntax.

:How/where I've entered the command is:

:1) Telnet to the firewall and login :2) enable :3) static (inside, outside) 65.x.x.103 172.x.x.179 netmask :255.255.255.255

2a) config terminal

Note: if you only want 3 ports active in the mapping, you might want to use the extension of the 'static' command, such as

static (inside,outside) tcp 65.x.x.103 smtp 172.x.x.179 smtp netmask

255.255.255.255

This facility was introduced in PIX 6.2. (The 506 model was introduced at 5.1(2) and the 506E at 5.2(7), so there is a possibility that your release is too old. The current GD release is one of the 6.2 editions, so chances are the software is new enough for static PAT.)

Reply to
Walter Roberson

Thanks much for your help and answer - will post to comp.dcom.sys.cisco for these issues from now on :)

That was indeed the command we were missing to make this work. Thanks again for your help

Reply to
Roark

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.