There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.
Solved
PIX 506e - Allow inbound traffic
Posted on 2004-04-01
I am creating a new network nat'd behind a PIX 506e. I still need to allow users in the original network to access the new network. Outbound traffic works because the PIX allows this implicitly. I will have to close this down in the near future. I can't seem to allow any inbound traffic initiated from the outside. The log shows
%PIX-3-305005: No translation group found for tcp src outside:55.55.55.55/2832 dst inside:10.0.0.1/445
Basically I want to allow everything from outside network 55.55.55.0/24 to the inside network 10.0.0.0/23.
%PIX-3-305005: No translation group found for tcp src outside:55.55.55.55/2832 dst inside:10.0.0.1/445
Basically I want to allow everything from outside network 55.55.55.0/24 to the inside network 10.0.0.0/23.
3
2
6 Comments
Active 3 days ago
I believe that your access list entry should look something like this:
access-list 160 permit ip 55.55.55.0 0.0.0.255 10.0.0.0/23 0.0.1.255
Active today
Kdo, the access-lists on a PIX use subnet masks. You must be more familiar with the access-lists on a router that use an inverse mask...
access-list outside_in permit ip 55.55.55.0 255.255.255.0 10.0.0.0 255.255.254.0
access-group outside_in in interface outside
access-list outside_in permit ip 55.55.55.0 255.255.255.0 10.0.0.0 255.255.254.0
access-group outside_in in interface outside
Active today
Oh, yes, assuming that you do not want to nat the traffic between 55.55.55.0 and 10.0.0.0, add these lines:
access-list no_nat permit 10.0.0.0 255.255.254.0 55.55.55.0 255.255.255.0
nat(inside) 0 access-list no_nat
access-list no_nat permit 10.0.0.0 255.255.254.0 55.55.55.0 255.255.255.0
nat(inside) 0 access-list no_nat
Active 3 days ago
Good catch....
I don't care how these devices represent the mask values internally -- you'd think that at least the language syntax would be similar.
:-)
Thanks lrmooore. That worked. But I have another question(s) about this.
How would I change the configuration to nat the outside address, so that they appear to be coming from the inside interface?
What would be the reasons to do or not to do this? I understand nat going outbound is to hide the inside network, but why would I want to hide the outside network?
How would I change the configuration to nat the outside address, so that they appear to be coming from the inside interface?
What would be the reasons to do or not to do this? I understand nat going outbound is to hide the inside network, but why would I want to hide the outside network?
Featured Post
The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
WARNING:
If you follow the instructions here, you will wipe out your VTP and VLAN configurations. Make sure you have backed up your switch!!!
I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:
• Key questions to ask when considering a partnership to accelerate your business into the cloud
• Pitfalls and mistakes other partners…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month9 days, 22 hours left to enroll
606 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.