FWSM NAT question

Unanswered Question
Apr 11th, 2007

I have a question about NATing on the FWSM. We want to move a few servers to an outside VLAN, but we also want to still be able to hit them using the old inside IPs. Here's the basic setup:

interface Vlan80
 nameif outside
 security-level 50
 ip address 172.16.1.254 255.255.255.0 standby 172.16.1.253
!
interface Vlan91
 nameif outside-servers
 security-level 55
 ip address 172.16.2.254 255.255.255.0 standby 172.16.2.253
!
interface Vlan100
 nameif inside
 security-level 100
 ip address 10.10.3.254 255.255.255.0 standby 10.10.3.253

The inside VLAN the servers were on is 192.168.20.x/24.

Old IP:

192.168.20.100

New IP:

172.16.2.100

I'm assuming I'm going to have to set up a static NAT and route that host on the 6509 to 10.10.3.254?

srue Wed, 04/11/2007 - 11:12

How about changing the order of a static NAT entry? Instead of (inside,outside), change it to (outside,inside)...

or in your case:

static (outside-servers,inside) 192.168.20.100 172.16.2.2

as well as the proper static route.

niro@optonline.net Thu, 04/26/2007 - 21:06

That didn't work... I keep getting a no translation error on the PIX log when I try to connect to it... and when I do a show xlate I'm not seeing 192.168.20.100 at all (or the 172.16.2.2)...

acomiskey Fri, 04/27/2007 - 10:29

I think he meant...

static (outside-servers,inside) 192.168.20.100 172.16.2.100

Did you try that as well? That is called Destination NAT and should do the trick.
