Information Technology Reference
In-Depth Information
Table25-3 Troubleshooting Techniques (continued)
Symptom
Possible Problem
Suggested Actions
The external host
cannot access a
host on the local
network (for
example, a web
server).
The outside address does not
know how to route the packets.
Make sure that the router
connected to the outside of the
router knows how to route the
static address of the server.
There is no static or conduit
statement for the server.
Whether it is a WEB server or
an e-mail server, it must have a
static statement and a conduit
statement on the PIX.
The static statement statically
maps an internal addresses to an
external address.
The conduit command opens a
hole for traffic to come through
the PIX and get to the server.
The following is an example for
a WWW server with an internal
address of 10.10.10.20 and an
external (translated) address of
200.200.200.20:
static (inside,outside)
200.200.200.20
10.10.10.20 netmask
255.255.255.255
conduit permit tcp host
200.200.200.20 eq www
any
The PIX does not know how to
route the traffic to the server.
This will happen only if the
server is on a different network
than the PIX.
Check the inside route
statement, and make sure that
the PIX knows how to route the
traffic. Use the
show route
command.
Before Calling Cisco Systems' TAC Team
Before calling Cisco Systems' Technical Assistance Center (TAC), make sure that you have read through
this chapter and completed the actions suggested for your system's problem.
Additionally, do the following and document the results so that we can better assist you:
•
Obtain the version of the PIX IOS software
•
Obtain as much hardware information as possible
