After changing mapping cannot FTP to server through PIX

Hello all,

I had to change the internal IP of my FTP server and change the static mapping in my PIX to match. Did that and cleared the local-host and xlate, but I still cannot seem to get through the PIX.
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 3390 192.168.100.11 3390 netmask 255.255.255.255 0 0 
static (inside,outside) tcp interface 3389 192.168.100.20 3389 netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x www 192.168.100.25 www netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x https 192.168.100.25 https netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x 3389 192.168.100.28 3389 netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x ftp 192.168.100.27 ftp netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x www 192.168.100.30 www netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x https 192.168.100.30 https netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x 3389 192.168.100.29 3389 netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x https 192.168.100.10 https netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x www 192.168.100.9 www netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x https 192.168.100.9 https netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x telnet 192.168.254.1 telnet netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x ftp 192.168.100.12 ftp netmask 255.255.255.255 0 0 
access-group outside_in in interface outside

Open in new window

LVL 12
bhnmiAsked:
Who is Participating?
 
bhnmiConnect With a Mentor Author Commented:
DUH!!!! Helps to type the public address correctly in the mapping... I got it fixed. brain fart...
0
 
jderaCommented:
Can you ping and access FTP internally?
0
 
bhnmiAuthor Commented:
yup, I can hit it from my remote location across my Point 2 point also. Only the IP changed not the gateway or anything like that.
0
Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

 
bhnmiAuthor Commented:
also, it is the mapping to 192.168.100.12
0
 
batry_boyCommented:
What does your "outside_in" ACL look like?
0
 
bhnmiAuthor Commented:
Here is the ACL. It is pretty strange. I am going to restart the FTP server, I haven't yet. I have reloaded the PIX though.
access-list outside_in permit icmp any any echo-reply 
access-list outside_in permit icmp any any time-exceeded 
access-list outside_in permit icmp any any traceroute 
access-list outside_in permit icmp any any unreachable 
access-list outside_in permit tcp any host x.x.x.38 eq 3390 
access-list outside_in permit tcp any host x.x.x.38 eq 3389 
access-list outside_in permit tcp any host x.x.x.34 eq ftp 
access-list outside_in permit tcp any host x.x.x.34 eq www 
access-list outside_in permit tcp any host x.x.x.34 eq https 
access-list outside_in permit tcp any host x.x.x.34 eq 3389 
access-list outside_in permit tcp any host x.x.x.35 eq ftp 
access-list outside_in permit tcp any host x.x.x.35 eq www 
access-list outside_in permit tcp any host x.x.x.35 eq https 
access-list outside_in permit tcp any host x.x.x.35 eq 3389 
access-list outside_in permit tcp any host x.x.x.36 eq www 
access-list outside_in permit tcp any host x.x.x.36 eq https 
access-list outside_in permit tcp any host x.x.x.37 eq https 
access-list outside_in permit tcp any host x.x.x.36 eq telnet 

Open in new window

0
All Courses

From novice to tech pro — start learning today.