04-11-2007 10:59 AM - edited 03-11-2019 02:58 AM
I have a question about natting on the FWSM. We want to move a few servers to an outside VLAN but we also want to still be able to hit them using the old inside IP's. Here's the basic set up:
interface Vlan80
nameif outside
security-level 50
ip address 172.16.1.254 255.255.255.0 standby 172.16.1.253
!
interface Vlan91
nameif outside-servers
security-level 55
ip address 172.16.2.254 255.255.255.0 standby 172.16.2.253
!
interface Vlan100
nameif inside
security-level 100
ip address 10.10.3.254 255.255.255.0 standby 10.10.3.253
The inside vlan the servers were on is 192.168.20.x/24.
Old IP:
192.168.20.100
New IP:
172.16.2.100
I'm assuming I'm going to have to set up a static nat and route that host on the 6509 to 10.10.3.254?
04-11-2007 11:12 AM
how about changing the order of a static nat entry? instead of (inside,outside), change it (outside,inside)...
or in your case:
static (outside-servers,inside) 192.168.20.100 172.16.2.2
as well as the proper static route.
04-26-2007 09:06 PM
That didn't work...I keep getting a no translation error on the pix log when I try to connect to it...and when I do a show xlate I'm not seeing 192.168.20.100 at all (or the 172.16.2.2)...
04-27-2007 10:15 AM
any ideas?
04-27-2007 10:29 AM
I think he meant...
static (outside-servers,inside) 192.168.20.100 172.16.2.100
did you try that as well, that is called Destination NAT and should do the trick.
04-27-2007 01:14 PM
Pretty sure I did and it didn't work either...but I'll give it another shot...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide