source ip translation using static

Answered Question
Mar 6th, 2007

Hello

How can I configure on the PIX static src IP address translation for traffic coming in from the outside to the inside interface?

What is the difference and syntax when configuring static source and destination IP NAT?

Thanks in advance

Best regards

Lukasz

Jon Marshall Wed, 03/07/2007 - 00:18

Hi

Outside source address is 172.16.5.10

You want to NAT it to 192.168.5.11

static (outside,inside) 192.168.5.11 172.16.5.10 netmask 255.255.255.255

HTH

Jon

Correct Answer
Kamal Malhotra Wed, 03/07/2007 - 02:19

Hi Lukasz,

Jon has given you the type of command you need. I'll try to explain how it goes:

In case of a regular static where the source of the traffic (that needs to get natted) is the inside network, the syntax of the command is:

static (inside,outside)

When the source of the traffic (that needs to get natted) is the outside network, the syntax of the command is:

static (outside,inside)

HTH,

Please rate if it helps,

Regards,

Kamal

lukaszkhalil Thu, 03/08/2007 - 02:41

Hello

I've checked the configuration you had provided me, but unfortunately it doesn't work.

Below is my test configuration example

FWSM Version 2.3(2)

nameif vlan2 outside security0

nameif vlan3 inside security100

enable password xxx

passwd xxx

hostname test

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 H225 1720

fixup protocol h323 ras 1718-1719

fixup protocol rsh 514

fixup protocol sip 5060

no fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

names

access-list deny-flow-max 4096

access-list alert-interval 300

access-list outside extended permit ip any any

access-list outside extended permit icmp any any

access-list inside extended permit ip any any

access-list inside extended permit icmp any any

pager lines 24

logging buffer-size 4096

mtu outside 1500

mtu inside 1500

ip address outside 10.0.0.254 255.255.255.0

ip address inside 192.168.1.254 255.255.255.0

icmp permit any outside

icmp permit any inside

no pdm history enable

arp timeout 14400

static (outside,inside) 192.168.1.32 10.0.0.1 netmask 255.255.255.255

access-group outside in interface outside

access-group inside in interface inside

....

I am not able to connect to the server in network 192.168.1.0/24 from the host 10.0.0.1.

Please, correct me if I made a mistake in my config or I misunderstood you.

Thank you in advance

Lukasz

laurent.geyer Tue, 03/13/2007 - 09:28

Change your static statement to the following:

static (inside,outside) 192.168.1.32 192.168.1.32 netmask 255.255.255.255

This should do the trick. I'll let the TAC engineer explain PIX/ASA interface translation behavior :D
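An added example, not part of the original thread and not Cisco code: a small Python model of how a `static (real_ifc,mapped_ifc) mapped_ip real_ip` statement rewrites packet addresses, applied to the three static statements posted above. It assumes host statics only (netmask 255.255.255.255) and models address rewriting alone, not ACLs or security levels; the class and function names are hypothetical and the packets are constructed samples.

```python
import re
from dataclasses import dataclass

# Form modelled: static (real_ifc,mapped_ifc) mapped_ip real_ip netmask 255.255.255.255
STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3})"
    r" netmask 255\.255\.255\.255$")

@dataclass(frozen=True)
class Static:
    real_ifc: str    # interface where the host actually lives
    mapped_ifc: str  # interface on which the mapped address is seen
    mapped_ip: str
    real_ip: str

def parse_static(line):
    """Parse one host static statement; reject anything incomplete."""
    m = STATIC_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a complete host static: {line!r}")
    return Static(*m.groups())

def translate(rules, in_ifc, out_ifc, src, dst):
    """Return (src, dst) as seen after the packet crosses in_ifc -> out_ifc."""
    for r in rules:
        # Leaving the real side: source real_ip is rewritten to mapped_ip.
        if (in_ifc, out_ifc) == (r.real_ifc, r.mapped_ifc) and src == r.real_ip:
            src = r.mapped_ip
        # Arriving from the mapped side: destination mapped_ip goes back to real_ip.
        if (in_ifc, out_ifc) == (r.mapped_ifc, r.real_ifc) and dst == r.mapped_ip:
            dst = r.real_ip
    return src, dst

# Statements copied from the thread.
jon = parse_static("static (outside,inside) 192.168.5.11 172.16.5.10 netmask 255.255.255.255")
lukasz = parse_static("static (outside,inside) 192.168.1.32 10.0.0.1 netmask 255.255.255.255")
laurent = parse_static("static (inside,outside) 192.168.1.32 192.168.1.32 netmask 255.255.255.255")

if __name__ == "__main__":
    # Constructed packets: (ingress, egress, source, destination).
    # Jon's static: the outside host's source address is rewritten on the way in.
    print(translate([jon], "outside", "inside", "172.16.5.10", "192.168.5.20"))
    # The reply from the inside is sent to the mapped address and un-translated.
    print(translate([jon], "inside", "outside", "192.168.5.20", "192.168.5.11"))
    # Lukasz's static rewrites only the source of 10.0.0.1.
    print(translate([lukasz], "outside", "inside", "10.0.0.1", "192.168.1.50"))
    # laurent's identity static leaves both addresses unchanged.
    print(translate([laurent], "outside", "inside", "10.0.0.1", "192.168.1.32"))
```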
