After changing mapping cannot FTP to server through PIX

Hello all,

I had to change the internal IP of my FTP server and change the static mapping in my PIX to match. Did that and cleared the local-host and xlate, but I still cannot seem to get through the PIX.
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 3390 192.168.100.11 3390 netmask 255.255.255.255 0 0 
static (inside,outside) tcp interface 3389 192.168.100.20 3389 netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x www 192.168.100.25 www netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x https 192.168.100.25 https netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x 3389 192.168.100.28 3389 netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x ftp 192.168.100.27 ftp netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x www 192.168.100.30 www netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x https 192.168.100.30 https netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x 3389 192.168.100.29 3389 netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x https 192.168.100.10 https netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x www 192.168.100.9 www netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x https 192.168.100.9 https netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x telnet 192.168.254.1 telnet netmask 255.255.255.255 0 0 
static (inside,outside) tcp x.x.x.x ftp 192.168.100.12 ftp netmask 255.255.255.255 0 0 
access-group outside_in in interface outside

Open in new window

LVL 12
bhnmiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jderaCommented:
Can you ping and access FTP internally?
0
bhnmiAuthor Commented:
yup, I can hit it from my remote location across my Point 2 point also. Only the IP changed not the gateway or anything like that.
0
bhnmiAuthor Commented:
also, it is the mapping to 192.168.100.12
0
Become an IT Security Management Expert

In today’s fast-paced, digitally transformed world of business, the need to protect network data and ensure cloud privacy has never been greater. With a B.S. in Network Operations and Security, you can get the credentials it takes to become an IT security management expert.

batry_boyCommented:
What does your "outside_in" ACL look like?
0
bhnmiAuthor Commented:
Here is the ACL. It is pretty strange. I am going to restart the FTP server, I haven't yet. I have reloaded the PIX though.
access-list outside_in permit icmp any any echo-reply 
access-list outside_in permit icmp any any time-exceeded 
access-list outside_in permit icmp any any traceroute 
access-list outside_in permit icmp any any unreachable 
access-list outside_in permit tcp any host x.x.x.38 eq 3390 
access-list outside_in permit tcp any host x.x.x.38 eq 3389 
access-list outside_in permit tcp any host x.x.x.34 eq ftp 
access-list outside_in permit tcp any host x.x.x.34 eq www 
access-list outside_in permit tcp any host x.x.x.34 eq https 
access-list outside_in permit tcp any host x.x.x.34 eq 3389 
access-list outside_in permit tcp any host x.x.x.35 eq ftp 
access-list outside_in permit tcp any host x.x.x.35 eq www 
access-list outside_in permit tcp any host x.x.x.35 eq https 
access-list outside_in permit tcp any host x.x.x.35 eq 3389 
access-list outside_in permit tcp any host x.x.x.36 eq www 
access-list outside_in permit tcp any host x.x.x.36 eq https 
access-list outside_in permit tcp any host x.x.x.37 eq https 
access-list outside_in permit tcp any host x.x.x.36 eq telnet 

Open in new window

0
bhnmiAuthor Commented:
DUH!!!! Helps to type the public address correctly in the mapping... I got it fixed. brain fart...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.