cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
335
Views
0
Helpful
1
Replies

NAT incomming traffic

Hi,

I'm in the process of migration our network and would like to NAT the incomming traffic from the internet to the interface (or any local IP).

So far I have this config:

pix-rz# sh run nat

nat (outside) 5 access-list MIGRATION

nat (inside) 0 access-list 101

nat (inside) 2 SMTP 255.255.255.255

nat (inside) 1 Netz_Paragon 255.255.255.0

pix-rz# sh run global

global (outside) 1 interface

global (outside) 2 11.210.240.202

global (inside) 5 172.17.99.99

pix-rz# sh access-list MIGRATION

access-list MIGRATION; 2 elements

access-list MIGRATION line 1 extended permit ip any host 11.210.240.202 (hitcnt=0) 0x9b00c5d9

access-list MIGRATION line 2 extended permit ip any host Lotus_Notes_2 (hitcnt=0) 0xd255c279

pix-rz# sh run static

static (inside,outside) tcp 11.210.240.202 lotusnotes Lotus_Notes_2 lotusnotes netmask 255.255.255.255

I can't get the traffic from the internet to NAT to the 172.17.99.99.

Has anyone done anything like this? Tips, hints would be helpful. Thanks!

1 Accepted Solution

Accepted Solutions

Jon Marshall
Hall of Fame
Hall of Fame

Hi

Couple of things to change

1) nat (inside) 2 SMTP 255.255.255.255

global (outside) 2 11.210.240.202

should be change to

static (inside,outside) 11.210.240.202 SMTP netmask 255.255.255.255

This makes it a permanent static translation

2) nat (outside) 5 access-list MIGRATION

change to

nat (outside) 5 access-list MIGRATION outside

What you are trying to do is perfectly possible

HTH

Jon

View solution in original post

1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

Hi

Couple of things to change

1) nat (inside) 2 SMTP 255.255.255.255

global (outside) 2 11.210.240.202

should be change to

static (inside,outside) 11.210.240.202 SMTP netmask 255.255.255.255

This makes it a permanent static translation

2) nat (outside) 5 access-list MIGRATION

change to

nat (outside) 5 access-list MIGRATION outside

What you are trying to do is perfectly possible

HTH

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: