Re: Cisco PIX 506


comp.security.firewalls archive


From: puppy <doggedpuppy@yahoo.com>
Date: Sat Apr 29 2006 - 21:28:40 CEST

In the config that you had shown, I couldn't see any statics configured.
If it is just normal browsing that your users want then you can
achieve this with the help of a simple NAT and global command.

The syntax is as follows:

nat (inside) 1 10.1.1.0 255.255.255.0
nat (dmz) 1 172.16.16.0 255.255.255.0

global
global (outside) 1 - (in case you want to hide the traffic behind the
outside interface)
global (outside) 1 192.168.1.20-192.168.1.200 netmask 255.255.255.0 (in
case you have to use more than 1 IP address to hide)

I would recommend using the above formats using NATs and globals.
Statics are more useful in case you want to configure one to one NAT
for servers inside your DMZ. For example, let us say you have a webserver
and someone wants to reach your site, statics is what you have to use.

Hope this helps.

James
http://www.secmanager.com

Spack wrote:
> smbusa2002@yahoo.com wrote on 14 Apr 2006 09:30:21 -0700:
>
> > I have a PIX 506. All my public IPs start with 66.153.... and then they
> > are mapped to a private IP in the PIX (Access list and Static ..)
> > We got some more new IPs from my ISP that start with 64.80....
> > Now I mapped (access list/static in PIX) the new IP (64.80..)
> > I can ping the firewall from inside
> > but then I cannot get it to work. My PC will not go on to the internet
> > Is there any other command I have to put in for the 64.80.. IP address
>
> Did you reset the PIX power? Or run clear xlate? You need to clear the
> existing translations in memory, and the arp cache. Had this happen last
> time I changed IPs on a 515.
>
> Dan
Received on Mon May 1 01:09:06 2006
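
The nat/global pairing described in the post is tied together by the NAT ID (the "1" in both commands), so a nat statement whose ID has no global never gets translated. The following is an added example, not part of the original post: a small Python audit that finds such unpaired nat lines and sizes each global pool. The sample config is constructed (the post's lines plus a hypothetical ID 2), and matching is simplified to the NAT ID only, ignoring which interface the global is on.

```python
import ipaddress
import re

# Constructed sample: the post's nat/global lines plus one nat line (ID 2)
# that deliberately has no matching global.
SAMPLE_CONFIG = """\
nat (inside) 1 10.1.1.0 255.255.255.0
nat (dmz) 1 172.16.16.0 255.255.255.0
nat (inside) 2 10.2.2.0 255.255.255.0
global (outside) 1 192.168.1.20-192.168.1.200 netmask 255.255.255.0
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\S+) (\S+)")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)")


def pool_size(spec):
    """Addresses in a global spec: 'interface', 'a.b.c.d' or 'a.b.c.d-e.f.g.h'."""
    if spec == "interface":  # PAT behind the interface's own address
        return 1
    first, _, last = spec.partition("-")
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last or first))
    if hi < lo:
        raise ValueError(f"reversed range: {spec}")
    return hi - lo + 1


def audit(config):
    """Return (unmatched, pools): nat statements whose ID has no global,
    and the total pool size per NAT ID."""
    nats, pools = [], {}
    for line in config.splitlines():
        line = line.strip()
        if m := NAT_RE.match(line):
            iface, nat_id, net, mask = m.groups()
            nats.append((int(nat_id), iface, ipaddress.IPv4Network(f"{net}/{mask}")))
        elif m := GLOBAL_RE.match(line):
            _, nat_id, spec = m.groups()
            pools[int(nat_id)] = pools.get(int(nat_id), 0) + pool_size(spec)
    # NAT ID 0 means "do not translate", so it needs no global.
    unmatched = [n for n in nats if n[0] != 0 and n[0] not in pools]
    return unmatched, pools


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```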