Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Cisco pix natable issue

Posted on 2014-03-24
10
Medium Priority
?
305 Views
Last Modified: 2014-04-23
Hi,

yesterday i have faced natable issue on cisco pix. after clearing natable by using command clear Xlate and clear local host but it was temporary. actually i did port forwarding for my inside server to access from outside by using port number 80 and 8080 but because of above issue i didn't.
please help me to resolve this.
0
Comment
Question by:kolathaya123
  • 5
  • 4
10 Comments
 
LVL 9

Expert Comment

by:BigPapaGotti
ID: 39950165
Can you post the commands that you entered to setup portforwarding? Also what version of IOS are you running? Is NAT working on your firewall at all now or not?
0
 

Author Comment

by:kolathaya123
ID: 39950200
PIX Version 6.3(5),command is static (inside,outside) tcp xx.xx.xx.xx 8080 192.1.1.32 8080 netmask 255.255.255.255
and nat is working but port forward is working every time i clear the nat table.
pl suggest.
0
 
LVL 9

Expert Comment

by:BigPapaGotti
ID: 39950235
I'm a bit confused. You say that you can only get the port forwarding to work when you clean the NAT table? So just to clarify the scenario You will try and access your server from the outside via port 8080 and it will fail. Then you clear the NAT table and try again and it will allow you to connect? Then finally after some time elapses this will stop working and you are no longer able to connect to the server from the outside UNTIL you clear the NAT table again?
0
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

 

Author Comment

by:kolathaya123
ID: 39950269
YES SAME THING IS HAPPENING
CAN YOU SUGGEST PL
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 39950361
please show the whole config
0
 
LVL 9

Assisted Solution

by:BigPapaGotti
BigPapaGotti earned 1500 total points
ID: 39950379
Sounds like you may have some conflicting NAT/PAT statements since it works but then does not work. How much time elapses between it working and not working? Can you check your static NAT statements to see if any of them are using the same port you are trying to setup (8080). Can you post the sanitized running configuration?
0
 

Author Comment

by:kolathaya123
ID: 39952366
Please find the attached file
nidefirewall.txt
0
 
LVL 9

Accepted Solution

by:
BigPapaGotti earned 1500 total points
ID: 39953860
Try the command below and let me know if this resolves your issue:

static (outside,inside) 10.5.3.32 202.135.205.32 netmask 255.255.255.255 0 0

After entering this command clear your xlate table and test it again to see if the issue is resolved.
0
 

Author Comment

by:kolathaya123
ID: 39955090
Hi
I tried the step that you recommended , but no luck

Any suggestion is appreciable

Thanks
0
 
LVL 9

Expert Comment

by:BigPapaGotti
ID: 39955772
Can you do a "show access-list incoming" and post the results. I want to see if your ACL is seeing the traffic and permitting for this individual statement. You may need to run the "show access-list incoming" command look at the results, test it, and then run the command again to see if this specific ACL hitcnt is incrementing or not.

Also I see a similar static statement for 202.135.205.98 via port 8090. Does this NAT statement work for this device (10.5.3.15)

Also what about the static NAT statement for 202.135.205.152 to 10.5.3.40? Does this NAT statement work?

Can you also post the results for "show xlate detail"

Finally is the ASA able to ping the server without any issues? Are you certain the firewall on the Server is not blocking port 8080?
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question