Solved

Cisco pix natable issue

Posted on 2014-03-24
Last Modified: 2014-04-23
Hi,

Yesterday I faced a NAT table issue on a Cisco PIX. I cleared the NAT table using the commands clear xlate and clear local host, but that was only temporary. I set up port forwarding so that my inside server can be accessed from outside on ports 80 and 8080, but because of the above issue I didn't.
Please help me to resolve this.
0
Question by:kolathaya123
10 Comments
 
LVL 9

Expert Comment

by:BigPapaGotti
ID: 39950165
Can you post the commands that you entered to set up port forwarding? Also, what version of IOS are you running? Is NAT working on your firewall at all now or not?
0
 

Author Comment

by:kolathaya123
ID: 39950200
PIX Version 6.3(5). The command is:
static (inside,outside) tcp xx.xx.xx.xx 8080 192.1.1.32 8080 netmask 255.255.255.255
NAT is working, but port forwarding is working every time I clear the NAT table.
Please suggest.
0
 
LVL 9

Expert Comment

by:BigPapaGotti
ID: 39950235
I'm a bit confused. You say that you can only get the port forwarding to work when you clean the NAT table? So, just to clarify the scenario: you will try to access your server from the outside via port 8080 and it will fail. Then you clear the NAT table and try again, and it will allow you to connect? Then finally, after some time elapses, this will stop working and you are no longer able to connect to the server from the outside UNTIL you clear the NAT table again?
0
 

Author Comment

by:kolathaya123
ID: 39950269
Yes, the same thing is happening.
Can you suggest, please?
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 39950361
Please show the whole config.
0
 
LVL 9

Assisted Solution

by:BigPapaGotti
BigPapaGotti earned 500 total points
ID: 39950379
Sounds like you may have some conflicting NAT/PAT statements, since it works but then does not work. How much time elapses between it working and not working? Can you check your static NAT statements to see if any of them are using the same port you are trying to set up (8080)? Can you post the sanitized running configuration?
0
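The check suggested in the comment above (look through the static statements for ones that collide on the same mapped address or port) can be scripted against a sanitized configuration. This is an added example, not code from anyone in the thread; the sample statements are constructed, and the two finding names are labels chosen for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample in PIX 6.3 "static" syntax; addresses are documentation
# and private ranges, not the poster's attached configuration.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 198.51.100.10 8080 192.168.1.32 8080 netmask 255.255.255.255 0 0
static (inside,outside) tcp 198.51.100.10 www 192.168.1.32 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 198.51.100.10 8080 192.168.1.40 8080 netmask 255.255.255.255 0 0
static (inside,outside) 198.51.100.20 192.168.1.15 netmask 255.255.255.255 0 0
static (inside,outside) tcp 198.51.100.20 8090 192.168.1.16 8090 netmask 255.255.255.255 0 0
"""

STATIC_RE = re.compile(
    r"^static \((?P<real_if>[^,]+),(?P<map_if>[^)]+)\)\s+"
    r"(?:(?P<proto>tcp|udp)\s+(?P<m_ip>\S+)\s+(?P<m_port>\S+)\s+(?P<r_ip>\S+)\s+\S+"
    r"|(?P<m_ip1>\S+)\s+(?P<r_ip1>\S+))\s+netmask\s")

def parse_statics(config):
    """Yield (mapped_if, proto, mapped_ip, mapped_port, real_ip, text)."""
    for line in map(str.strip, config.splitlines()):
        m = STATIC_RE.match(line)
        if m and m["proto"]:      # port redirection (static PAT)
            yield m["map_if"], m["proto"], m["m_ip"], m["m_port"], m["r_ip"], line
        elif m:                   # one-to-one static NAT
            yield m["map_if"], "ip", m["m_ip1"], "any", m["r_ip1"], line

def find_conflicts(config):
    """Return (kind, key, statements) tuples that deserve a manual look."""
    by_port, by_ip = defaultdict(list), defaultdict(list)
    for mif, proto, mip, mport, rip, text in parse_statics(config):
        by_port[(mif, proto, mip, mport)].append((rip, text))
        by_ip[(mif, mip)].append((proto, text))
    findings = []
    for key, rows in by_port.items():   # same mapped ip/port, different hosts
        if len({rip for rip, _ in rows}) > 1:
            findings.append(("same-mapped-port", key, [t for _, t in rows]))
    for key, rows in by_ip.items():     # port static on an address that also has 1:1 NAT
        if {"ip"} < {p for p, _ in rows}:
            findings.append(("port-static-vs-one-to-one", key, [t for _, t in rows]))
    return findings

if __name__ == "__main__":
    for kind, key, statements in find_conflicts(SAMPLE_CONFIG):
        print(kind, key, *statements, sep="\n  ")
```

Port names are compared as written, so `www` and `80` are treated as different ports; normalize them first if the configuration mixes both forms.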
 

Author Comment

by:kolathaya123
ID: 39952366
Please find the attached file
nidefirewall.txt
0
 
LVL 9

Accepted Solution

by:
BigPapaGotti earned 500 total points
ID: 39953860
Try the command below and let me know if this resolves your issue:

static (outside,inside) 10.5.3.32 202.135.205.32 netmask 255.255.255.255 0 0

After entering this command clear your xlate table and test it again to see if the issue is resolved.
0
 

Author Comment

by:kolathaya123
ID: 39955090
Hi
I tried the step that you recommended, but no luck.

Any suggestion is appreciated.

Thanks
0
 
LVL 9

Expert Comment

by:BigPapaGotti
ID: 39955772
Can you do a "show access-list incoming" and post the results? I want to see if your ACL is seeing the traffic and permitting for this individual statement. You may need to run the "show access-list incoming" command, look at the results, test it, and then run the command again to see if this specific ACL hitcnt is incrementing or not.

Also, I see a similar static statement for 202.135.205.98 via port 8090. Does this NAT statement work for this device (10.5.3.15)?

Also, what about the static NAT statement for 202.135.205.152 to 10.5.3.40? Does this NAT statement work?

Can you also post the results for "show xlate detail"?

Finally, is the ASA able to ping the server without any issues? Are you certain the firewall on the server is not blocking port 8080?
0
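The before/test/after hitcnt comparison described in the comment above can be done mechanically on two saved outputs of "show access-list incoming". This is an added example, not code from anyone in the thread; the snapshots are constructed, and the verdict strings are wording chosen for this illustration.

```python
import re

# Constructed "show access-list incoming" snapshots (PIX 6.3 style output);
# addresses are documentation ranges, not the poster's.
BEFORE = """\
access-list incoming; 3 elements
access-list incoming line 1 permit tcp any host 198.51.100.10 eq www (hitcnt=120)
access-list incoming line 2 permit tcp any host 198.51.100.10 eq 8080 (hitcnt=7)
access-list incoming line 3 deny ip any any (hitcnt=41)
"""
AFTER = BEFORE.replace("(hitcnt=41)", "(hitcnt=44)")  # only the deny moved

ACE_RE = re.compile(r"^access-list (\S+) line (\d+) (permit|deny) (.+?) \(hitcnt=(\d+)\)")

def parse(output):
    """Map (acl, line number) -> (action, match text, hit count)."""
    aces = {}
    for row in output.splitlines():
        m = ACE_RE.match(row.strip())
        if m:
            aces[(m[1], int(m[2]))] = (m[3], m[4], int(m[5]))
    return aces

def hit_report(before, after, host, port):
    """Compare two snapshots taken around one test connection to host:port."""
    old, new = parse(before), parse(after)
    moved = {k: new[k][2] - old.get(k, ("", "", 0))[2] for k in new}
    target = [k for k, (act, text, _) in new.items()
              if act == "permit" and f"host {host} eq {port}" in text]
    denies = [k for k, (act, _, _) in new.items() if act == "deny" and moved[k] > 0]
    if not target:
        verdict = "no permit ACE for this host/port"
    elif any(moved[k] > 0 for k in target):
        verdict = "permit ACE hit: look at the static/xlate or the server"
    elif denies:
        verdict = "permit ACE not hit while a deny incremented"
    else:
        verdict = "no hits at all: traffic may not be reaching this interface"
    return verdict, {k: d for k, d in moved.items() if d}

if __name__ == "__main__":
    print(hit_report(BEFORE, AFTER, "198.51.100.10", "8080"))
```

On a busy firewall other traffic moves the counters too, so take the two snapshots as close together as possible around a single test connection.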


Question has a verified solution.
