Avatar of radkingz

asked on 

PIX 506 6.3(4) to PIX 506E 6.3.(5). NAT not working for one IP address

I copied the config from a PIX 506 running 6.3.(4) to a PIX 506E running 6.3.(5). All of the clients can connect to the internet when I switch out the PIX 506 for the 506E and everything seems to be fine. My mail server was NAT'd on the 506 with an access rule to allow a certain IP address range (our spam and email antivirus vendor). This works fine on the 506. I copied over the config file to the 506E making sure that I overwote the config and not appended. Everything seemed to copy over fine. When I bring the 506E up, no connections can be made to the PIX 506E to the mail server. Also as a note the mailserver cant even get on the internet. If I remove the NAT from the mail server the server can get on the internet fine using the PAT address (the IP address of the outside interface). I can make it work by NATing another IP to the internal address of the mail server and it works fine. I dont want to do this because I would have to go an manually change all of the cell phones that connect to our mail server via activesync, and I would have put out a message to all users using the webaccess, or make DNS changes to reflect the change. I dont understand why one IP wont work and another one will for the same server. I even deleted all the NATs and access rules and put them back in and NADA, but If I say that is (example) it wont work, if I say is then it works fine. I have examined the config from both pix firewalls line by line, The only difference is the software version 6.3(4) and 6.3(5). Any Takers
CiscoHardware Firewalls

Avatar of undefined
Last Comment

8/22/2022 - Mon