Pix 501 adding static www route

Posted on 2004-10-26
Medium Priority
Last Modified: 2008-01-09
I have a PIX 501 that was already configured before I started working with it.  I have never had to work with one before now, so I am not sure I have the proper syntax.

I have the following static routes already in place:
static (inside,outside) tcp 68.xxx.xxx.18 www www netmask 255.255.255.255 0 0
static (inside,outside) tcp 68.xxx.xxx.19 smtp smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 68.xxx.xxx.19 pop3 pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp 68.xxx.xxx.19 www www netmask 255.255.255.255 0 0

I tried to add a static route with the following result:

static (inside,outside) tcp 68.xxx.xxx.17 www netmask 0 0
invalid local port netmask
Usage:  [no] static [(real_ifc, mapped_ifc)]
                {<real_ip> [netmask <mask>]} | {access-list <acl_name>}
                [dns] [norandomseq] [<max_conns> [<emb_lim>]]
        [no] static [(real_ifc, mapped_ifc)] {tcp|udp}
                {<mapped_ip>|interface} <mapped_port>
                {<real_ip> <real_port> [netmask <mask>]} |
                {access-list <acl_name>}
                [dns] [norandomseq] [<max_conns> [<emb_lim>]]

Any ideas what I am doing wrong?
Question by:sigkappu

Accepted Solution

lrmoore earned 2000 total points
ID: 12415438
Simply missing the "www" after the local ip:

    >static (inside,outside) tcp 68.xxx.xxx.17 www netmask 0 0
Should be:
    static (inside,outside) tcp 68.xxx.xxx.17 www www netmask 0 0
You should also always clear xlates before changing/creating new static nat statements:
    Pixfirewall(config)#clear xlate
    Pixfirewall(config)#static (inside,outside) tcp 68.xxx.xxx.17 www www netmask

Author Comment

ID: 12415505
Thanks, I knew it was something simple.

Expert Comment

ID: 12415660
Glad to help!    <8-}
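
The fix in this thread, as an added example that is not part of the original posts: a small Python checker that walks a port-redirection `static` line in the order given by the usage text in the question (mapped IP, mapped port, real IP, real port, optional netmask, optional connection limits) and reports a missing local port the way the PIX did. The addresses 203.0.113.17 and 192.168.1.10, the short port-keyword table, and every message other than "invalid local port" are assumptions made for illustration; the `access-list`, `dns` and `norandomseq` forms are not handled.

```python
import ipaddress
import re

# Constructed subset of PIX port keywords; the real device accepts more.
PORTS = {"www": 80, "smtp": 25, "pop3": 110}

def _ip(tok):
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ValueError:
        return False

def _port(tok):
    if tok in PORTS:
        return PORTS[tok]
    return int(tok) if tok.isdecimal() and 0 < int(tok) < 65536 else None

def check_static_pat(line):
    """Check one 'static ... {tcp|udp}' line against the usage text; return (ok, message)."""
    m = re.match(r"static\s+\(\w+,\s*\w+\)\s+(tcp|udp)\s+(.+)$", line.strip())
    if not m:
        return False, "not a tcp/udp port-redirection static"
    proto, toks = m.group(1), m.group(2).split()
    if len(toks) < 4:
        return False, "missing arguments after protocol"
    mapped_ip, mapped_port, real_ip, real_port = toks[:4]
    if mapped_ip != "interface" and not _ip(mapped_ip):
        return False, f"invalid global ip {mapped_ip}"
    if _port(mapped_port) is None:
        return False, f"invalid global port {mapped_port}"
    if not _ip(real_ip):
        return False, f"invalid local ip {real_ip}"
    if _port(real_port) is None:
        return False, f"invalid local port {real_port}"  # wording of the error in the question
    rest = toks[4:]
    if rest[:1] == ["netmask"]:
        if len(rest) < 2 or not _ip(rest[1]):
            return False, "netmask keyword without a mask"
        rest = rest[2:]
    if len(rest) > 2 or not all(t.isdecimal() for t in rest):
        return False, f"unexpected trailing arguments: {' '.join(rest)}"
    return True, f"{proto} {mapped_ip}:{_port(mapped_port)} -> {real_ip}:{_port(real_port)}"

# Constructed sample lines: a documentation-range outside address and a private inside address.
BROKEN = "static (inside,outside) tcp 203.0.113.17 www 192.168.1.10 netmask 255.255.255.255 0 0"
FIXED = "static (inside,outside) tcp 203.0.113.17 www 192.168.1.10 www netmask 255.255.255.255 0 0"

for cmd in (BROKEN, FIXED):
    print(cmd, "=>", check_static_pat(cmd))
```

Running candidate lines through a check like this before pasting them into the firewall also makes the exposed mapping explicit, since the success message names exactly which inside host and port become reachable from outside.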

