FWSM NAT question

Unanswered Question

I have a question about natting on the FWSM. We want to move a few servers to an outside VLAN but we also want to still be able to hit them using the old inside IP's. Here's the basic set up:

interface Vlan80

nameif outside

security-level 50

ip address standby


interface Vlan91

nameif outside-servers

security-level 55

ip address standby


interface Vlan100

nameif inside

security-level 100

ip address standby

The inside vlan the servers were on is 192.168.20.x/24.

Old IP:

New IP:

I'm assuming I'm going to have to set up a static nat and route that host on the 6509 to

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
srue Wed, 04/11/2007 - 11:12
User Badges:
  • Blue, 1500 points or more

how about changing the order of a static nat entry? instead of (inside,outside), change it (outside,inside)...

or in your case:

static (outside-servers,inside)

as well as the proper static route.

acomiskey Fri, 04/27/2007 - 10:29
User Badges:
  • Green, 3000 points or more

I think he meant...

static (outside-servers,inside)

did you try that as well, that is called Destination NAT and should do the trick.


This Discussion