NAT incomming traffic

Answered Question
Jul 4th, 2007

Hi,

I'm in the process of migration our network and would like to NAT the incomming traffic from the internet to the interface (or any local IP).

So far I have this config:

pix-rz# sh run nat

nat (outside) 5 access-list MIGRATION

nat (inside) 0 access-list 101

nat (inside) 2 SMTP 255.255.255.255

nat (inside) 1 Netz_Paragon 255.255.255.0

pix-rz# sh run global

global (outside) 1 interface

global (outside) 2 11.210.240.202

global (inside) 5 172.17.99.99

pix-rz# sh access-list MIGRATION

access-list MIGRATION; 2 elements

access-list MIGRATION line 1 extended permit ip any host 11.210.240.202 (hitcnt=0) 0x9b00c5d9

access-list MIGRATION line 2 extended permit ip any host Lotus_Notes_2 (hitcnt=0) 0xd255c279

pix-rz# sh run static

static (inside,outside) tcp 11.210.240.202 lotusnotes Lotus_Notes_2 lotusnotes netmask 255.255.255.255

I can't get the traffic from the internet to NAT to the 172.17.99.99.

Has anyone done anything like this? Tips, hints would be helpful. Thanks!

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 9 years 6 months ago

Hi

Couple of things to change

1) nat (inside) 2 SMTP 255.255.255.255

global (outside) 2 11.210.240.202

should be change to

static (inside,outside) 11.210.240.202 SMTP netmask 255.255.255.255

This makes it a permanent static translation

2) nat (outside) 5 access-list MIGRATION

change to

nat (outside) 5 access-list MIGRATION outside

What you are trying to do is perfectly possible

HTH

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jon Marshall Wed, 07/04/2007 - 00:31

Hi

Couple of things to change

1) nat (inside) 2 SMTP 255.255.255.255

global (outside) 2 11.210.240.202

should be change to

static (inside,outside) 11.210.240.202 SMTP netmask 255.255.255.255

This makes it a permanent static translation

2) nat (outside) 5 access-list MIGRATION

change to

nat (outside) 5 access-list MIGRATION outside

What you are trying to do is perfectly possible

HTH

Jon

Actions

This Discussion