I have a PIX 2600 and I want to create a static NAT mapping on it. As far as I can tell I'm doing it right with regard to the access lists and the NAT mapping. I've stared at it until I couldn't see straight. Does anyone know what I'm doing wrong? (PS: I've already run clear ip nat trans * several times.)
code:
```
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname XXXXXXXXX
!
enable secret 5 XXXXXXX
enable password 7 XXXXXXX
!
username XXXXXXX password 7 094E5B1A1300
username XXXXXXX password 7 04482B161F015E5A48
username XXXXXXX password 7 08224343191814
!
!
!
!
ip subnet-zero
no ip source-route
no ip finger
ip name-server 194.151.228.18
!
ip inspect max-incomplete high 1100
ip inspect one-minute high 1100
ip inspect name Ethernet_0_0 tcp
ip inspect name Ethernet_0_0 udp
ip inspect name Ethernet_0_0 cuseeme
ip inspect name Ethernet_0_0 ftp
ip inspect name Ethernet_0_0 h323
ip inspect name Ethernet_0_0 rcmd
ip inspect name Ethernet_0_0 realaudio
ip inspect name Ethernet_0_0 smtp
ip inspect name Ethernet_0_0 streamworks
ip inspect name Ethernet_0_0 vdolive
ip inspect name Ethernet_0_0 sqlnet
ip inspect name Ethernet_0_0 tftp
ip audit notify log
ip audit po max-events 100
isdn voice-call-failure 0
!
!
!
interface Ethernet0/0
 description connected to EthernetLAN
 ip address 192.168.101.1 255.255.255.0 secondary
 ip address 192.168.100.1 255.255.255.0
 ip access-group 100 in
 no ip directed-broadcast
 ip nat inside
 ip inspect Ethernet_0_0 in
!
interface BRI0/0
 no ip address
 no ip directed-broadcast
 isdn guard-timer 0 on-expiry accept
!
interface Serial0/0
 description MAIN WAN interface
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay IETF
 frame-relay lmi-type ansi
!
interface Serial0/0.500 point-to-point
 description connected to Internet
 ip address 194.XX.64.97 255.255.255.240
 ip access-group 105 in
 no ip directed-broadcast
 ip nat outside
 frame-relay interface-dlci 500
!
interface Dialer1
 description inbelvoorziening Remote
 bandwidth 64
 ip address 192.168.30.1 255.255.255.0
 ip directed-broadcast
 encapsulation ppp
 dialer remote-name remote1
 dialer pool 1
 dialer caller XXXXXXXX
 dialer caller XXXXXXXX
 dialer-group 1
 peer default ip address pool isdnpc
 no cdp enable
 ppp callback accept
 ppp authentication chap
!
router rip
 version 2
 redistribute static
 passive-interface Serial0/0
 network 192.168.100.0
 network 192.168.101.0
!
ip local pool isdnpc 192.168.30.10 192.168.30.20
ip nat inside source list 7 interface Serial0/0.500 overload
ip nat inside source static tcp 192.168.100.24 25 194.XX.64.97 25 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0.500
ip route 192.168.30.0 255.255.255.0 Dialer1
ip http server
!
access-list 1 permit any
access-list 7 permit 0.0.0.0
access-list 7 permit any
access-list 100 permit ip 192.168.100.0 0.0.0.255 any
access-list 105 permit ip host 213.46.100.148 any
access-list 105 permit ip host 195.86.13.106 any
access-list 105 deny ip any any
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 15 0
 login local
 transport input none
line aux 0
line vty 0 4
 exec-timeout 15 0
 login local
!
end
```