Please help!!! Pix 501 issue

Posted on 2006-11-21
Last Modified: 2013-11-16
Today I issued the following command into my cousin's company's pix 501 through the PDM:
static (inside,outside) 70.88.231.137 192.168.0.25 netmask 255.255.255.255 0 0

After I did that the firewall stopped passing traffic altogether. Now I can't even VPN into it to reverse the change. I'm thinking the only way is to power down and up the firewall since I didn't get a chance to save to flash.

I was just trying to do some port forwarding for a web application.
Question by:alateos

Author Comment

by:alateos
ID: 17992953
Can someone at least tell me what that command did?
0
 
LVL 8

Expert Comment

by:thur6165
ID: 17993183
You set up a NAT so that all traffic going to 70.88.231.137 will be passed to 192.168.0.25. You would now need to set an access list to allow the traffic through; that's why everything is being dropped. Just reboot if you did not save the config.
0
 
LVL 8

Expert Comment

by:thur6165
ID: 17993258
I missed your objective in that last line.  This should take care of your access list.

Access-list out-in perm tcp any host 70.88.231.137 eq 80
Access-group out-in in interface outside
0
 
LVL 20

Expert Comment

by:calvinetter
ID: 17993589
>After I did that the firewall stopped passing traffic altogether.
   Let me guess, 70.88.231.137 is the IP address of the outside interface, right?  If so, & you want to forward web traffic to your internal server, do this:

no static (inside,outside) 70.88.231.137 192.168.0.25  <- skip if you already rebooted PIX without saving config
static (inside,outside) tcp 70.88.231.137 80 192.168.0.25 80
clear xlate
access-list inbound_acl permit tcp any host 70.88.231.137 eq 80
access-group inbound_acl in interface outside

FYI: Never use a dash '-' in ACL names! Underscore as above is ok.  If you already have an ACL on the outside interface, replace "inbound_acl" with the name/number of your existing ACL.

cheers
0
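An offline check for the situation calvinetter asks about above, added here as an example (not code from any poster in this thread or from Cisco): it flags a one-to-one static that takes over the outside interface address, and a static with no matching permit in an ACL bound to the outside interface. The function name `audit`, both sample configs and the `ip address` lines with their masks are constructed for illustration.

```python
# Added example: offline lint for PIX 6.x static NAT lines (constructed configs).
BAD_CONFIG = """\
ip address outside 70.88.231.137 255.255.255.248
ip address inside 192.168.0.1 255.255.255.0
static (inside,outside) 70.88.231.137 192.168.0.25 netmask 255.255.255.255 0 0
"""
GOOD_CONFIG = """\
ip address outside 70.88.231.137 255.255.255.248
ip address inside 192.168.0.1 255.255.255.0
static (inside,outside) tcp 70.88.231.137 8080 192.168.0.25 8080 netmask 255.255.255.255 0 0
access-list inbound_acl permit tcp any host 70.88.231.137 eq 8080
access-group inbound_acl in interface outside
"""

def audit(config):
    """Return a list of findings for static (inside,outside) entries."""
    rows = [line.split() for line in config.splitlines() if line.strip()]
    outside_ip = next((r[3] for r in rows if r[:3] == ["ip", "address", "outside"]), None)
    # ACL names actually bound inbound on the outside interface.
    bound = {r[1] for r in rows
             if r[0] == "access-group" and r[2:] == ["in", "interface", "outside"]}
    # (proto, host, port) tuples permitted by a bound ACL. Only the form
    # "permit <proto> any host <ip> eq <numeric port>" used in the thread is parsed.
    permits = {(r[3], r[6], r[8]) for r in rows
               if r[0] == "access-list" and len(r) == 9 and r[1] in bound
               and r[2] == "permit" and r[4:6] == ["any", "host"] and r[7] == "eq"}
    findings = []
    for r in rows:
        if r[:2] != ["static", "(inside,outside)"]:
            continue
        if r[2] in ("tcp", "udp"):           # port redirection
            proto, ip, port = r[2], r[3], r[4]
            if (proto, ip, port) not in permits:
                findings.append(f"no outside ACL permit for {proto} {ip}:{port}")
        elif r[2] == outside_ip:             # one-to-one static on the interface address
            findings.append(f"one-to-one static claims outside interface IP {r[2]}")
        elif not any(host == r[2] for _, host, _ in permits):
            findings.append(f"no outside ACL permit for any port on {r[2]}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("bad", BAD_CONFIG), ("good", GOOD_CONFIG)):
        print(name, audit(cfg) or "clean")
```

Running it against a saved copy of the candidate config before pasting commands into a remote PIX catches the lock-out case while the VPN session is still up.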
 

Author Comment

by:alateos
ID: 17994750
If I just had "sent" the command to the pix, doesn't mean that it saved it to flash, right?
0
 

Author Comment

by:alateos
ID: 17994756
Also, my web application runs on port 8080
0
 
LVL 20

Accepted Solution

by:
calvinetter earned 2000 total points
ID: 17994984
>If I just had "sent" the command to the pix, doesn't mean that it saved it to flash, right?
   Right.  As long as you didn't tell the PIX to save the config at any time, you could have the PIX rebooted & try again remotely or go onsite.

>my web application runs on port 8080
   Fine.  Just replace 8080 for 80 in the example I gave you.

cheers
0
 

Author Comment

by:alateos
ID: 17995305
How can I just apply port forwarding such that all traffic going to 70.88.231.137 on port 8080 will be forwarded to 192.168.0.25 on port 8080?
0
 
LVL 20

Expert Comment

by:calvinetter
ID: 18000186
As I said before, just substitute 8080 for 80 in my previous post, e.g.:
static (inside,outside) tcp 70.88.231.137 8080 192.168.0.25 8080
clear xlate
access-list inbound_acl permit tcp any host 70.88.231.137 eq 8080
access-group inbound_acl in interface outside

cheers
0
 

Author Comment

by:alateos
ID: 18000315
ok thanks.. I'll test it soon
0
