jsilberberg
asked on
PIX 501 - Not functioning as a Firewall. ??
Trying to use PIC 501 as a Firewall :-)
Cissco IAD n.n.n.113/29
PIX Eth-0 n.n.n.114/29 (PNAT)
Eth1 - 192.168.0.254/24 Gateway Address.
Eth2 - n.n.n.118/29
Eth3 - 192.168.0.23 Static NAT n.n.n.115/29
Eth4 - 192.168.0.24 Static NAT n.n.n.116/29
Traffic to Eth1 / Eth3 / Eth4 all work fine.
Traffic to Eth2 which we don't want NAT Mapped as it's handling SIP traffic does not work. Just want to permit / deny certain port connections.
Should it work or am I expecting something more from the 501 than it's capabile of.
JMS...
Cissco IAD n.n.n.113/29
PIX Eth-0 n.n.n.114/29 (PNAT)
Eth1 - 192.168.0.254/24 Gateway Address.
Eth2 - n.n.n.118/29
Eth3 - 192.168.0.23 Static NAT n.n.n.115/29
Eth4 - 192.168.0.24 Static NAT n.n.n.116/29
Traffic to Eth1 / Eth3 / Eth4 all work fine.
Traffic to Eth2 which we don't want NAT Mapped as it's handling SIP traffic does not work. Just want to permit / deny certain port connections.
Should it work or am I expecting something more from the 501 than it's capabile of.
JMS...
Please post your PIX config. I can't make enough sense of what you've already posted.
ASKER
access-list acl_out permit ip any host n.n.n.118
static (inside,outside) .n.n.n.118 n.n.n.118 netmask 255.255.255.255 0 0
Will have to get you the Full config latter, don;t have access from here..
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yep,
Goal was / is just to restrict access on some ports (Firewall the Machine) not to NAT the IP ...
So
Static (inside, outside) 1.1.1.118 1.1.1.118 MASK 255.255.255.255 0 0
Is what we were looking for..
Thanks,
Goal was / is just to restrict access on some ports (Firewall the Machine) not to NAT the IP ...
So
Static (inside, outside) 1.1.1.118 1.1.1.118 MASK 255.255.255.255 0 0
Is what we were looking for..
Thanks,