Urgent help needed! Pix 501 config help with error message.

Posted on 2007-08-01
Last Modified: 2013-11-16
when I put in the following command:

static (inside,outside) 74.x.x.x 192.168.x.11 netmask access-list rbs_acl 0 0

I get the following error:

"number of maximum connections should lie between 0 and 65535"

anyone have insite to this?  Points are awarded for urgency..
Question by:bwooden

    Author Comment

    Here is the config in question:

    PIX Version 6.3(4)
    interface ethernet0 auto
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password 1GAe0QHvfKZrrGbf encrypted
    passwd 1GAe0QHvfKZrrGbf encrypted
    hostname <my pix>
    domain-name <my domain>
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol pptp 1723
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    no fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    access-list no_nat permit ip 192.168.x.0 192.168.x.0
    access-list outside_in permit tcp any interface outside eq www
    access-list outside_in permit tcp any interface outside eq ftp
    access-list outside_in permit tcp any interface outside eq smtp
    access-list split permit ip 192.168.x.0
    access-list vpn_acl permit ip 192.168.x.0
    access-list rbs_acl permit tcp any interface outside range 1024 2048  
    pager lines 24
    logging on
    logging timestamp
    logging monitor informational
    logging buffered informational
    logging trap informational
    logging host inside 192.168.x.21
    mtu outside 1500
    mtu inside 1500
    ip address outside 74.x.x.x 255.x.x.x
    ip address inside 192.x.x.x
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool vpn_pool 192.168.x.1-192.168.x.20
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list no_nat
    nat (inside) 1 0 0
    static (inside,outside) tcp interface smtp 192.168.x.11 smtp netmask 0 0
    static (inside,outside) tcp interface www 192.168.x.11 www netmask 0 0
    static (inside,outside) tcp interface ftp 192.168.x.11 ftp netmask 0 0
    access-group outside_in in interface outside
    route outside 74.x.x.x 0
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    aaa-server local protocol tacacs+
    aaa-server local max-failed-attempts 3
    aaa-server local deadtime 10
    aaa authentication enable console LOCAL
    aaa authentication telnet console LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.x.0 inside
    floodguard enable
    sysopt connection permit-ipsec
    crypto ipsec transform-set myset esp-3des esp-md5-hmac
    crypto dynamic-map dynmap 10 set transform-set myset
    crypto map mymap 10 ipsec-isakmp dynamic dynmap
    crypto map mymap client authentication LOCAL
    crypto map mymap interface outside
    isakmp enable outside
    isakmp identity address
    isakmp nat-traversal 10
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption 3des
    isakmp policy 10 hash md5
    isakmp policy 10 group 2
    isakmp policy 10 lifetime 86400
    vpngroup irn_vpn idle-time 1800
    vpngroup test_vpn address-pool vpn_pool
    vpngroup test_vpn dns-server 192.168.x.11
    vpngroup test_vpn wins-server 192.168.x.11
    vpngroup test_vpn default-domain domain.local
    vpngroup test_vpn split-tunnel split
    vpngroup test_vpn idle-time 1800
    vpngroup test_vpn password ********
    telnet timeout 30
    ssh 192.168.x.0 inside
    ssh timeout 5
    console timeout 0
    username <sanitized> password ZHdhybRp5.I27W9v encrypted privilege 15
    terminal width 80
    : end

    LVL 25

    Accepted Solution

    its an either or thing
    static (inside,outside) 74.x.x.x  access-list rbs_acl 0 0
    static (inside,outside) 74.x.x.x 192.168.x.11 netmask  0 0
    LVL 25

    Expert Comment


    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Join & Write a Comment

    In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
    Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    This video discusses moving either the default database or any database to a new volume.

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now