PAT/overload from outside to inside

Unanswered Question
Oct 16th, 2007

I have a host using a private internal IP that will only talk to machines on the same private IP. I need to have public IPs talk to this machine. I have a PIX that uses the same private IP subnet on its inside interface. What I would like to do is a PAT/overload scenario in reverse where multiple outside hosts will talk to the inside host using one IP from the private subnet. I think I have seen this mentioned somewhere but can't find it. One caveat is that the PIX must also do PAT/overload for internal hosts going out to the Internet at the same time. Is this possible?


Thanks,

Diego

Overall Rating: 4 (2 ratings)
sundar.palaniappan Tue, 10/16/2007 - 15:47

Diego,


You can do this with static, NAT and ACL to address both requirements.


Here's a configuration example that you can use to build your configuration.


Inside Web Host that needs to be accessed from Outside: 192.168.1.2

int e0
 nameif outside
 security-level 0
 ip add 172.16.1.1 255.255.255.0

int e1
 nameif inside
 security-level 100
 ip add 192.168.1.1 255.255.255.0

access-group acl_outside in interface outside

access-list acl_outside permit tcp any host 172.16.1.1 eq www

nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface

static (inside,outside) tcp interface www 192.168.1.2 www netmask 255.255.255.255


HTH


Sundar



Jon Marshall Tue, 10/16/2007 - 19:41

Hi Diego


Sundar has covered most of this but to PAT all outside addresses:

access-list PATIN permit ip any host 172.16.1.1

(Note, I'm using Sundar's IP addressing and you might want to tie access down to the particular tcp/udp ports)

nat (outside) 2 access-list PATIN outside
global (inside) 2 interface


HTH


Jon
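
How the two replies above combine, as an added example that is not part of the original thread and is a Python model rather than PIX configuration: inbound traffic has its destination rewritten by the static and its source rewritten to the inside interface address, so the inside host only ever sees a same-subnet peer. The class and function names, the client addresses and the starting PAT port are assumptions; the interface and host addresses are the ones used in the replies.

```python
"""Toy model (not PIX code) of the two translations from the replies above."""
import itertools

OUTSIDE_IF = "172.16.1.1"  # outside interface, target of the static PAT
INSIDE_IF = "192.168.1.1"  # inside interface, used by "global (inside) 2 interface"
WEB_HOST = "192.168.1.2"   # inside host that only answers its own subnet
STATIC_PAT = {("tcp", OUTSIDE_IF, 80): (WEB_HOST, 80)}  # the static for tcp/80


class PixModel:
    def __init__(self, first_port=1024):       # assumed start of the PAT port pool
        self._ports = itertools.count(first_port)
        self.xlate = {}                         # PAT port -> (client ip, client port)

    def inbound(self, proto, src, sport, dst, dport):
        """Outside -> inside: destination via static, source via outside PAT."""
        real = STATIC_PAT.get((proto, dst, dport))
        if real is None:
            return None                         # no static entry: dropped
        pat_port = next(self._ports)
        self.xlate[pat_port] = (src, sport)
        return (proto, INSIDE_IF, pat_port, real[0], real[1])

    def reply(self, proto, src, sport, dst, dport):
        """Inside -> outside: undo both translations for a reply from the host."""
        client = self.xlate.get(dport) if dst == INSIDE_IF else None
        mapped = next((k for k, v in STATIC_PAT.items()
                       if k[0] == proto and v == (src, sport)), None)
        if client is None or mapped is None:
            return None
        return (proto, mapped[1], mapped[2], client[0], client[1])


def sources_seen_by_host(pix, clients):
    """Source IPs the inside host observes for a list of (ip, port) clients."""
    seen = set()
    for ip, port in clients:
        pkt = pix.inbound("tcp", ip, port, OUTSIDE_IF, 80)
        seen.add(pkt[1])
    return seen


if __name__ == "__main__":
    pix = PixModel()
    clients = [("198.51.100.10", 40000), ("203.0.113.7", 40000)]  # constructed
    print(sources_seen_by_host(pix, clients))   # every client appears as INSIDE_IF
    print(pix.xlate)                            # only the firewall knows the real peers
```

Because every outside client reaches the host as 192.168.1.1, the host's own logs cannot attribute a request to its real source; the firewall's translation records are the only place that address appears.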

DIEGO ALONSO Thu, 10/18/2007 - 08:25

Thanks guys. I will give this a shot and let you know what happens.
