Cisco pix natable issue

Hi,

yesterday i have faced natable issue on cisco pix. after clearing natable by using command clear Xlate and clear local host but it was temporary. actually i did port forwarding for my inside server to access from outside by using port number 80 and 8080 but because of above issue i didn't.
please help me to resolve this.
kolathaya123Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
BigPapaGottiConnect With a Mentor Commented:
Try the command below and let me know if this resolves your issue:

static (outside,inside) 10.5.3.32 202.135.205.32 netmask 255.255.255.255 0 0

After entering this command clear your xlate table and test it again to see if the issue is resolved.
0
 
BigPapaGottiCommented:
Can you post the commands that you entered to setup portforwarding? Also what version of IOS are you running? Is NAT working on your firewall at all now or not?
0
 
kolathaya123Author Commented:
PIX Version 6.3(5),command is static (inside,outside) tcp xx.xx.xx.xx 8080 192.1.1.32 8080 netmask 255.255.255.255
and nat is working but port forward is working every time i clear the nat table.
pl suggest.
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
BigPapaGottiCommented:
I'm a bit confused. You say that you can only get the port forwarding to work when you clean the NAT table? So just to clarify the scenario You will try and access your server from the outside via port 8080 and it will fail. Then you clear the NAT table and try again and it will allow you to connect? Then finally after some time elapses this will stop working and you are no longer able to connect to the server from the outside UNTIL you clear the NAT table again?
0
 
kolathaya123Author Commented:
YES SAME THING IS HAPPENING
CAN YOU SUGGEST PL
0
 
Istvan KalmarHead of IT Security Division Commented:
please show the whole config
0
 
BigPapaGottiConnect With a Mentor Commented:
Sounds like you may have some conflicting NAT/PAT statements since it works but then does not work. How much time elapses between it working and not working? Can you check your static NAT statements to see if any of them are using the same port you are trying to setup (8080). Can you post the sanitized running configuration?
0
 
kolathaya123Author Commented:
Please find the attached file
nidefirewall.txt
0
 
kolathaya123Author Commented:
Hi
I tried the step that you recommended , but no luck

Any suggestion is appreciable

Thanks
0
 
BigPapaGottiCommented:
Can you do a "show access-list incoming" and post the results. I want to see if your ACL is seeing the traffic and permitting for this individual statement. You may need to run the "show access-list incoming" command look at the results, test it, and then run the command again to see if this specific ACL hitcnt is incrementing or not.

Also I see a similar static statement for 202.135.205.98 via port 8090. Does this NAT statement work for this device (10.5.3.15)

Also what about the static NAT statement for 202.135.205.152 to 10.5.3.40? Does this NAT statement work?

Can you also post the results for "show xlate detail"

Finally is the ASA able to ping the server without any issues? Are you certain the firewall on the Server is not blocking port 8080?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.