I have a PIX 525 that I am in the middle of configuring. I have three interface inside, outside and DMZ. The inside is 192.168.12.0 /24 the DMZ is 192.168.11.0 / 28 and I have six external IP addresses.
I need to be able to give users on the outside a public IP address and the users on the inside either the privatre or public address. I have tried to follow a config from Cisco, but it has gone horribly wrong!
I have the ftp server sitting on the dmz as 192.168.11.1 and the PIX interface as 192.168.11.14 (all IP addresses have been changed to protect the inocent ie me!) the Outside interface is 68. 157.105.2, the gateway is 126.96.36.199 the address I want the users to use is 188.8.131.52 for FTP and I have set a PAT up on 184.108.40.206 for all the inside to outside connections
This is the problem, if I FTP to the external address then I receive a message saying the host is connected then does nothing and drops, if I ftp from the inside network to the DMZ address of the ftp server I instantly receive an error message saying unknown error number!
Here is what I have done:
name 192.168.11.1 ftpserver
access-list Inbound_ACL permit tcp any host ftpserver eq ftp
global outside 1 220.127.116.11
nat inside 1 192.168.12.0 255.255.255.0 0 0
nat dmz 1 192.168.11.0 255.255.255.240
static dmz,outside 18.104.22.168 ftpserver netmask 255.255.255.255 0 0
access-group Inbound_ACL in interface outside
route outside 0.0.0.0 0.0.0.0 22.214.171.124
fixup protocol ftp 21
The FTP server is running on W2K server and is the new WS FTP server from ipswitch. If I plug a machine into the DMZ lan and FTP to it there in no problem!
Can someone please point me in the right direction... I have to have this working for tomorrow morning and at the moment it looks like I am toast!