NAT incoming traffic

Answered Question
Jul 4th, 2007

Hi,


I'm in the process of migrating our network and would like to NAT the incoming traffic from the internet to the interface (or any local IP).


So far I have this config:


pix-rz# sh run nat
nat (outside) 5 access-list MIGRATION
nat (inside) 0 access-list 101
nat (inside) 2 SMTP 255.255.255.255
nat (inside) 1 Netz_Paragon 255.255.255.0

pix-rz# sh run global
global (outside) 1 interface
global (outside) 2 11.210.240.202
global (inside) 5 172.17.99.99

pix-rz# sh access-list MIGRATION
access-list MIGRATION; 2 elements
access-list MIGRATION line 1 extended permit ip any host 11.210.240.202 (hitcnt=0) 0x9b00c5d9
access-list MIGRATION line 2 extended permit ip any host Lotus_Notes_2 (hitcnt=0) 0xd255c279

pix-rz# sh run static
static (inside,outside) tcp 11.210.240.202 lotusnotes Lotus_Notes_2 lotusnotes netmask 255.255.255.255


I can't get the traffic from the internet to NAT to the 172.17.99.99.


Has anyone done anything like this? Tips, hints would be helpful. Thanks!

Correct Answer by Jon Marshall, Wed, 07/04/2007 - 00:31

Hi


Couple of things to change


1) nat (inside) 2 SMTP 255.255.255.255

global (outside) 2 11.210.240.202


should be changed to


static (inside,outside) 11.210.240.202 SMTP netmask 255.255.255.255


This makes it a permanent static translation


2) nat (outside) 5 access-list MIGRATION


change to


nat (outside) 5 access-list MIGRATION outside


What you are trying to do is perfectly possible


HTH


Jon
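
An offline check for point 2 of the answer, added here as an example (not code from the thread or from Cisco): it pairs `nat` and `global` statements by NAT ID and flags a `nat` rule whose interface has a lower security level than its paired `global` interface but lacks the trailing `outside` keyword. The security levels (outside 0, inside 100) are assumed defaults, and the function and variable names are hypothetical; the sample config is the one posted in the question.

```python
import re

# Assumption: default security levels for these interface names.
# Adjust to match the nameif / security-level lines of the real config.
SECURITY_LEVEL = {"outside": 0, "inside": 100}

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (.+)$")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)")

# nat/global lines as posted in the question.
QUESTION_CONFIG = """\
nat (outside) 5 access-list MIGRATION
nat (inside) 0 access-list 101
nat (inside) 2 SMTP 255.255.255.255
nat (inside) 1 Netz_Paragon 255.255.255.0
global (outside) 1 interface
global (outside) 2 11.210.240.202
global (inside) 5 172.17.99.99
"""

# Constructed: the same config with the change from point 2 applied.
CORRECTED_CONFIG = QUESTION_CONFIG.replace(
    "nat (outside) 5 access-list MIGRATION",
    "nat (outside) 5 access-list MIGRATION outside")

def find_outside_nat_gaps(config, levels=SECURITY_LEVEL):
    """Return one finding per nat rule that translates from a lower- to a
    higher-security interface without the 'outside' keyword."""
    nats, pools = [], {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := NAT_RE.match(line):
            nats.append((line, m.group(1), int(m.group(2)), m.group(3).split()))
        elif m := GLOBAL_RE.match(line):
            # Several global pools may share one NAT ID on different interfaces.
            pools.setdefault(int(m.group(2)), []).append(m.group(1))
    findings = []
    for line, ifc, nat_id, rest in nats:
        for g_ifc in pools.get(nat_id, []):   # nat 0 has no pool, so it is skipped
            if ifc not in levels or g_ifc not in levels:
                continue                       # unknown interface: cannot judge
            if levels[ifc] < levels[g_ifc] and rest[-1] != "outside":
                findings.append(
                    f"{line!r}: pairs with global ({g_ifc}) {nat_id} but lacks 'outside'")
    return findings

if __name__ == "__main__":
    for finding in find_outside_nat_gaps(QUESTION_CONFIG):
        print(finding)
```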
