Running multiple services behind PIX 1

[fatsamsdisco]

I have a pix 505 with PAT set up to convert all inside users to the single address of the outside IP address. I need to run 4 services for external access. Web, SMTP, POP3 and FTP. The SMTP and POP3 work fine. The WEB is on the same server (webmail) but shields up reports this port as stealth. I used a port based object group containing www, smtp, pop3 in an access list and have the static routes for the smtp and pop3 set up. When I try to put in the static route for

http://www I

get a message saying it overlaps with the outbound PAT. I can't see what the problem is. All help greatfully received

 

[fatsamsdisco]

Silly me I meant PIX 501 sorry

 

[Supergrrover]

Can you post your config?

What do your statics look like? I am assuming that you are using policy NAT due to the single IP.


Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[fatsamsdisco]

Relavent portion of the config is below. I am using a port object group for the access list with smtp and pop3 working fine.

object-group service Oxygen tcp
description Mail and web access
port-object eq www
port-object eq pop3
port-object eq smtp
access-list PERMIT_IN permit tcp any interface outside object-group Oxygen
access-list PERMIT_IN deny ip any any
access-group PERMIT_IN in interface outside
static (inside,outside) tcp interface smtp 10.0.0.80 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pop3 10.0.0.80 pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface

http://www 10.0.0.80

http://www netmask

255.255.255.255 0 0

 

[fatsamsdisco]

I have solved this problem. Not a PIX problem at all. The DSL router had been reset to factory default by another person and was by default blocking

http://www and

ftp access.

Moral - when checking firewall, check that data is reaching the firewall.

Many thanks Brent for your time