Port Translation on Pix 7.2(2)

Unanswered Question

When I do a static NAT on the Pix:-static (inside,outside) 172.16.1.2 192.168.1.2 netmask 255.255.255.255

I can see the inside IP address 192.168.1.2 is translated to 172.16.1.2 on the outside interface using the network sniffer. However if I introduce a port translation :-

static (inside,outside) tcp 172.16.1.2 www 192.168.1.2 8080 netmask 255.255.255.255 then the sniffer picks up the inside address on the outside interface and not the 172.16.1.2 address.

What have I missed here?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ecouto Thu, 04/26/2007 - 07:03
User Badges:

I think you need to add "outbound" nat rules too.


static (inside,outside) tcp 172.16.1.2 www 192.168.1.2 8080 netmask 255.255.255.255


only will translate and forward port when traffic is coming from outside to the external address (172.16.1.2). But if you want to go from inside (192.168.1.2) to outside, you need to add this:


global (outside) 1 172.16.1.2

nat (inside) 1 192.168.1.2 255.255.255.255


Cheers,


Emilio

Actions

This Discussion