
Route Outside to Inside

townofnewmarket
Level 1

Comcast gave me a block of 5 "real" IP addresses. Internally, we run 192.168 IPs.

So let's say Comcast gave me 74.74.74.70 to 74.74.74.74. I give the outside interface on the PIX 74.74.74.70, I give my email server (which sits off of the SMC router box that Comcast leaves with you) 74.74.74.71. I want to be able to set up 74.74.74.72 to have a domain like docs.mycompany.com, and redirect that to 192.168.10.5. My PIX does not have a DMZ, if that matters.

I am struggling with the necessary commands to make this happen! Can someone tell me...I am mired in global (outside) and static (inside,outside) commands!!! And when I issue one and do a "wr m", if I do it wrong, I can't browse the web anymore. And I can't tell, would my test even work from inside? If the PIX sees me coming from 192.168.10.10, and trying to get to one of my 74s, only to be rerouted right back to a 192.168, would it think maybe I was spoofing?? Anyway, can someone tell me what commands I need?

Thanks.


Collin Clark
VIP Alumni

You should not have to change your global and NAT statements. You need to create a static NAT like the one below.

static (inside,outside) tcp 74.74.74.72 80 192.168.10.5 80 netmask 255.255.255.255 0 0

There are a ton of options here, so you might want to do a little extra research. Don't forget to grant access via the ACL as well. Testing from the inside will not work, but depending on your PIX OS there is a workaround. What version are you running?

HTH and please rate.

What do I have to do with the ACL?

Permit the traffic through the firewall. For example-

access-list outside_access permit tcp any host 74.74.74.72 eq 80

outside_access is the name of the ACL applied to the outside interface.

HTH and please rate.

I am running PIX 6.3.

You are right, from inside, it does not work. From outside, it works fine.

Is there a workaround so it appears to work from inside? Would be a big help!

Sometimes you have to:

static (inside,outside) Real_IP Local_IP

access-list acl-outside permit tcp any host Real_IP eq 80

....

access-list acl-inside permit tcp host Local_IP any eq 80

.

Please look up the alias command for the workaround.
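
The replies pair every static with an ACL entry on the outside interface, and show both a port-specific static and a whole-host one. As an added example (not posted by anyone in this thread), the Python check below reads PIX 6.x config text and reports statics the outside ACL does not permit, permits with no static behind them, and whole-host statics where the ACL is the only port filter. The sample config is constructed from the thread's example addresses, the function names are hypothetical, and the check ignores protocol (tcp vs udp) and only reads `any host X` permits.

```python
import re

# Constructed sample in PIX 6.x syntax, reusing the thread's example addresses
# and ACL name; the .73 and .74 entries are invented for illustration.
SAMPLE = """\
static (inside,outside) tcp 74.74.74.72 80 192.168.10.5 80 netmask 255.255.255.255 0 0
static (inside,outside) tcp 74.74.74.72 443 192.168.10.5 443 netmask 255.255.255.255 0 0
static (inside,outside) 74.74.74.73 192.168.10.6 netmask 255.255.255.255 0 0
access-list outside_access permit tcp any host 74.74.74.72 eq www
access-list outside_access permit tcp any host 74.74.74.73 eq 80
access-list outside_access permit tcp any host 74.74.74.74 eq smtp
access-group outside_access in interface outside
"""
PORT_NAMES = {"www": 80, "https": 443, "smtp": 25}  # names the PIX prints for ports

def port(tok):
    """Port token -> int; empty (no 'eq') -> None = every port; other names kept as text."""
    return PORT_NAMES.get(tok, int(tok) if tok.isdigit() else (tok or None))

def audit(cfg):
    """Cross-check outside-facing statics against the ACL bound to outside."""
    grp = re.search(r"^access-group (\S+) in interface outside", cfg, re.M)
    acl = grp.group(1) if grp else None
    permits = {(ip, port(p)) for name, ip, p in re.findall(
        r"^access-list (\S+) permit (?:tcp|udp|ip) any host (\S+)(?: eq (\S+))?",
        cfg, re.M) if name == acl}
    fwd = {}  # public IP -> forwarded ports; None marks a whole-host static
    for pub, p in re.findall(
            r"^static \(inside,outside\) (?:tcp|udp) (\S+) (\S+)", cfg, re.M):
        fwd.setdefault(pub, set()).add(port(p))
    for pub in re.findall(r"^static \(inside,outside\) (\d\S*) \d", cfg, re.M):
        fwd.setdefault(pub, set()).add(None)
    findings = []
    for pub, ports in sorted(fwd.items()):
        for p in sorted(ports, key=str):
            if p is None:
                opened = sorted(str(q or "all") for i, q in permits if i == pub)
                findings.append(f"{pub}: whole-host static, ACL is the only port "
                                f"filter (open: {','.join(opened) or 'none'})")
            elif not {(pub, p), (pub, None)} & permits:
                findings.append(f"{pub}:{p}: static present, not permitted by {acl}")
    for ip, p in sorted(permits, key=str):
        if ip not in fwd:
            findings.append(f"{ip}:{p or 'all'}: permitted by {acl}, no static")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
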
