FWSM NAT question

Unanswered Question
Apr 11th, 2007

I have a question about natting on the FWSM. We want to move a few servers to an outside VLAN but we also want to still be able to hit them using the old inside IP's. Here's the basic set up:

interface Vlan80

nameif outside

security-level 50

ip address standby


interface Vlan91

nameif outside-servers

security-level 55

ip address standby


interface Vlan100

nameif inside

security-level 100

ip address standby

The inside vlan the servers were on is 192.168.20.x/24.

Old IP:

New IP:

I'm assuming I'm going to have to set up a static nat and route that host on the 6509 to

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
srue Wed, 04/11/2007 - 11:12

how about changing the order of a static nat entry? instead of (inside,outside), change it (outside,inside)...

or in your case:

static (outside-servers,inside)

as well as the proper static route.

niro@optonline.net Thu, 04/26/2007 - 21:06

That didn't work...I keep getting a no translation error on the pix log when I try to connect to it...and when I do a show xlate I'm not seeing at all (or the

acomiskey Fri, 04/27/2007 - 10:29

I think he meant...

static (outside-servers,inside)

did you try that as well, that is called Destination NAT and should do the trick.


This Discussion