INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login




Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.
Jobs from Indeed

Link To This Forum!

Partner Button
Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

Cisco Pix 515 6.3 Can't get secondary IP's to function....

ronwoods (IS/IT--Management) (OP)
25 May 11 3:07
I believe I have the correct access-list and static mappings in place, and all mappings on the outside interface IP 75.xxx.xxx.129 work correctly. But as shown in my config below, the secondary mapping for 75.xxx.xxx.131 does now work. What am I missing?

PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxxx
passwd xxxxxxxx encrypted
hostname Pix
domain-name xxxxx
no fixup protocol dns
no fixup protocol ftp 21
no fixup protocol h323 h225 1720
no fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
no fixup protocol rsh 514
no fixup protocol rtsp 554
no fixup protocol sip 5060
no fixup protocol sip udp 5060
no fixup protocol skinny 2000
no fixup protocol smtp 25
no fixup protocol sqlnet 1521
no fixup protocol tftp 69
names
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 permit tcp any host 75.xxx.xxx.131 eq www
access-list 101 permit tcp any host 75.xxx.xxx.131 eq https
access-list 101 permit tcp any host 75.xxx.xxx.129 eq 3389
access-list 101 permit tcp any host 75.xxx.xxx.129 eq smtp
access-list 101 permit gre any host 75.xxx.xxx.129
access-list 101 permit tcp any host 75.xxx.xxx.129 eq pptp
access-list 101 permit tcp any host 75.xxx.xxx.129 eq https
access-list 101 permit icmp any host 75.xxx.xxx.129 echo-reply
access-list acl_outbound permit ip any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 75.xxx.xxx.129 255.255.255.248
ip address inside 192.xxx.xxx.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
no pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp 75.xxx.xxx.131 www 192.xxx.xxx.10 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 75.xxx.xxx.131 https 192.xxx.xxx.10 https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 192.xxx.xxx.9 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pptp 192.xxx.xxx.4 pptp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3389 192.xxx.xxx.2 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https 192.xxx.xxx.9 https netmask 255.255.255.255 0 0
access-group 101 in interface outside
access-group acl_outbound in interface inside
route outside 0.0.0.0 0.0.0.0 75.xxx.xxx.134 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
isakmp policy 10 authentication rsa-sig
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
telnet 192.xxx.xxx.0 255.255.255.0 inside
telnet timeout 60
ssh timeout 60
console timeout 0
terminal width 80
Cryptochecksum:23854ec0b8e1dd9fc01502bf86333fa0
: end

Any help on this would be greatly appreciated... I am sure it is some simple item I am overlooking... Thanks in advance!

 
acollard83 (IS/IT--Management)
3 Jun 11 9:29
I'm not an expert, but in our config on our 515, I have the access list as below. Then I have the static mappings with the IPs. That might be your issue. I am running 8.0(3) though.

access-list acl_outside extended permit tcp any any eq www
access-list acl_outside extended permit tcp any any eq https
access-list acl_outside extended permit tcp any any eq smtp
access-list acl_outside extended permit tcp any any eq 465

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Back To Forum

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close