PIX 515 will NOT pass inbound traffic
Posted on 2003-12-01
Holiday got in the way of this question, so I thought I'd repost:
I am working on a PIX 515, 6.3(3), PDM Version 3.0(1), two interfaces.
Client has been given the following public address range:
69.x.x.121 ~ 69.x.x.126 netmask 255.255.255.248
Router is plugged into a basic switch as is the PIX outside interface.
The first ip .121 has been defined as the ethernet port of the router.
Presently I have the PIX outside interface defined as 69.x.x.126 netmask 255.255.255.248 and gateway 69.x.x.121
I have the inside interface of the PIX defined as 10.4.10.254 netmask 255.255.255.0
If I configure the PIX for NAT utilizing the interface ip (PAT .126) everything works just fine for outbound internet access.
HOWEVER, I am not successful in defining a static NAT for one of the remaining public addresses to an internal address. I am returned the PIX 3-305006 error in the syslogs.
Of note is the fact that if I use the outside interface (.126) IP in my static definition to an internal host, the access from outside to a NAT-defined host on the inside works.
Access rules have been defined.
This led a friend of mine to suggest not using the ip address of the interface for my PAT. I left the outside interface as .126 and defined the PAT as .125. Does not work. I see nothing of interest in the logs, however outbound traffic fails.
I then attempted a Global pool with .124 & .125, still would not pass any traffic outbound.
Does the router need any configuration? I am told the ISP utilizes RIP. I would simply like to have the internal network access the internet from one of the public IP addresses and also have the ability to configure www on an internal server that has a public NAT translation.
I have seen the documentation on the 305006 error and I cannot seem to bridge the gap I am facing.