07-04-2007 12:22 AM - edited 03-11-2019 03:39 AM
Hi,
I'm in the process of migration our network and would like to NAT the incomming traffic from the internet to the interface (or any local IP).
So far I have this config:
pix-rz# sh run nat
nat (outside) 5 access-list MIGRATION
nat (inside) 0 access-list 101
nat (inside) 2 SMTP 255.255.255.255
nat (inside) 1 Netz_Paragon 255.255.255.0
pix-rz# sh run global
global (outside) 1 interface
global (outside) 2 11.210.240.202
global (inside) 5 172.17.99.99
pix-rz# sh access-list MIGRATION
access-list MIGRATION; 2 elements
access-list MIGRATION line 1 extended permit ip any host 11.210.240.202 (hitcnt=0) 0x9b00c5d9
access-list MIGRATION line 2 extended permit ip any host Lotus_Notes_2 (hitcnt=0) 0xd255c279
pix-rz# sh run static
static (inside,outside) tcp 11.210.240.202 lotusnotes Lotus_Notes_2 lotusnotes netmask 255.255.255.255
I can't get the traffic from the internet to NAT to the 172.17.99.99.
Has anyone done anything like this? Tips, hints would be helpful. Thanks!
Solved! Go to Solution.
07-04-2007 12:31 AM
Hi
Couple of things to change
1) nat (inside) 2 SMTP 255.255.255.255
global (outside) 2 11.210.240.202
should be change to
static (inside,outside) 11.210.240.202 SMTP netmask 255.255.255.255
This makes it a permanent static translation
2) nat (outside) 5 access-list MIGRATION
change to
nat (outside) 5 access-list MIGRATION outside
What you are trying to do is perfectly possible
HTH
Jon
07-04-2007 12:31 AM
Hi
Couple of things to change
1) nat (inside) 2 SMTP 255.255.255.255
global (outside) 2 11.210.240.202
should be change to
static (inside,outside) 11.210.240.202 SMTP netmask 255.255.255.255
This makes it a permanent static translation
2) nat (outside) 5 access-list MIGRATION
change to
nat (outside) 5 access-list MIGRATION outside
What you are trying to do is perfectly possible
HTH
Jon
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: