FWSM NAT question

Unanswered Question

I have a question about NATing on the FWSM. We want to move a few servers to an outside VLAN, but we also want to still be able to hit them using the old inside IPs. Here's the basic setup:



interface Vlan80
 nameif outside
 security-level 50
 ip address 172.16.1.254 255.255.255.0 standby 172.16.1.253
!
interface Vlan91
 nameif outside-servers
 security-level 55
 ip address 172.16.2.254 255.255.255.0 standby 172.16.2.253
!
interface Vlan100
 nameif inside
 security-level 100
 ip address 10.10.3.254 255.255.255.0 standby 10.10.3.253


The inside VLAN the servers were on is 192.168.20.x/24.


Old IP: 192.168.20.100

New IP: 172.16.2.100


I'm assuming I'm going to have to set up a static NAT and route that host on the 6509 to 10.10.3.254?

srue Wed, 04/11/2007 - 11:12

How about changing the order of a static NAT entry? Instead of (inside,outside), change it to (outside,inside)...

or in your case:

static (outside-servers,inside) 192.168.20.100 172.16.2.2


as well as the proper static route.

acomiskey Fri, 04/27/2007 - 10:29

I think he meant...


static (outside-servers,inside) 192.168.20.100 172.16.2.100


Did you try that as well? That is called Destination NAT and should do the trick.
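An added example, not from any poster in this thread: a small Python check that parses the interface and static lines quoted above and reports what the static rewrites and whether the mapped address needs a host route on the upstream router. The function names and result keys are hypothetical, and only the command syntax shown in the thread is parsed.

```python
import ipaddress
import re

# Interface and static lines as posted in the thread (the corrected static).
CONFIG = """\
interface Vlan91
 nameif outside-servers
 ip address 172.16.2.254 255.255.255.0 standby 172.16.2.253
interface Vlan100
 nameif inside
 ip address 10.10.3.254 255.255.255.0 standby 10.10.3.253
static (outside-servers,inside) 192.168.20.100 172.16.2.100
"""

def parse(config):
    """Return ({nameif: IPv4Interface}, [(real_if, mapped_if, mapped_ip, real_ip)])."""
    interfaces, statics, name = {}, [], None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"nameif (\S+)", line):
            name = m.group(1)
        elif m := re.match(r"ip address (\S+) (\S+)", line):
            interfaces[name] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"static \(([^,\s]+),([^)\s]+)\) (\S+) (\S+)", line):
            real_if, mapped_if, mapped, real = m.groups()
            statics.append((real_if, mapped_if,
                            ipaddress.ip_address(mapped), ipaddress.ip_address(real)))
    return interfaces, statics

def check_static(interfaces, static):
    """Describe one static: what it rewrites and what routing it depends on."""
    real_if, mapped_if, mapped, real = static
    return {
        # Packets arriving on mapped_if for `mapped` get their destination rewritten.
        "rewrite": f"{mapped_if}: dst {mapped} -> {real} out {real_if}",
        # The real host must sit on the real interface's connected subnet
        # (no other firewall routes are modelled here).
        "real_on_connected": real in interfaces[real_if].network,
        # If the mapped IP is not on the mapped interface's subnet, the
        # upstream router needs a host route pointing at the firewall.
        "needs_upstream_route": mapped not in interfaces[mapped_if].network,
        "route_next_hop": str(interfaces[mapped_if].ip),
    }

if __name__ == "__main__":
    ifs, statics = parse(CONFIG)
    for s in statics:
        print(check_static(ifs, s))
```

For the thread's addresses it reports that 192.168.20.100 is not on the inside interface's 10.10.3.0/24 subnet, which is why the host route toward 10.10.3.254 on the 6509 is needed.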

