Route Outside to Inside

Unanswered Question
Apr 12th, 2007

Comcast gave me a block of 5 "real" IP addresses. Internally, we run 192.168 IPs.

So let's say Comcast gave me to I give the outside interface on the PIX, I give my email server (which sits off of the SMC router box that Comcast leaves with you) I want to be able to setup to have a domain like, and redirect that to My pix does not have a DMZ, if that matters.

I am struggling with the necessary commands to make this happen! Can someone tell me...I am mired in global(outside) and static (inside,outside) commands!!! And when I issue one and do a "wr m", if I do it wrong, I can't browse the web anymore. And I can't tell, would my test even work from inside? If the PIX sees me coming from, and trying to get to one of my 74s, only to be rerouted right back to a 192.168, would it think mayeb I was spoofing?? Anyway, can someone tell me what commands I need?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Collin Clark Thu, 04/12/2007 - 08:09

You should not have to change your global and NAT statements. You need to create a static NAT like the one below.

static (inside,outside) tcp 80 80 netmask 0 0

There a ton of options here, so you might want to do a little extra research. Don't forget to grant access via the ACL as well. Testing from the inside will not work, but depending on your PIXOS there is a work around. What version are you running?

HTH and please rate.

Collin Clark Thu, 04/12/2007 - 09:40

Permit the traffic throught the firewall. For example-

access-list outside_access permit tcp any host eq 80

outside_access is the name of the ACL applied to the outside interface.

HTH and please rate.

newmarket25 Thu, 04/12/2007 - 13:14

I am running PIX 6.3.

You are right, from inside, it does not work. From outside, it works fine.

Is there a workaround so it appears to work from inside? Would be a big help!

w_basheer Thu, 04/12/2007 - 17:01

sometimes you have to:

static(inside,outside) Real_IP Local_IP

access-list acl-outside permit tcp any Real_IP eq 80


access-list acl-inside permit tcp Local_IP any eq 80



This Discussion