10-16-2007 01:15 PM - edited 03-11-2019 04:26 AM
I have a host using a private internal IP that will only talk to machines on the same private IP. I need to have public IPs talk to this machine. I have a PIX that uses the same private IP subnet on its inside interface. What I would like to do is a PAT/overload scenario in reverse where multiple outside hosts will talk to the inside host using one IP from the private subnet. I think I have seen this mentioned somewhere but can't find it. One caveat is that the PIX must also do PAT/overload for internal hosts going out to the Internet at the same time. Is this possible?
Thanks,
Diego
10-16-2007 03:47 PM
Diego,
You can do this with static, NAT and ACL to address both requirements.
Here's a configuration example that you can use to build your configuration.
Inside Web Host that needs to be accessed from Outside: 192.168.1.2
int e0
nameif outside
security-level 0
ip add 172.16.1.1 255.255.255.0
int e1
nameif inside
security-level 100
ip add 192.168.1.1 255.255.255.0
access-list acl_outside permit tcp any host 172.16.1.1 eq www
access-group acl_outside in interface outside
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface
static (inside,outside) tcp interface www 192.168.1.2 www netmask 255.255.255.255
HTH
Sundar
10-16-2007 07:41 PM
Hi Diego
Sundar has covered most of this, but to PAT all outside addresses:
access-list PATIN permit ip any host 172.16.1.1
(Note, I'm using Sundar's IP addressing and you might want to tie access down to the particular TCP/UDP ports)
nat (outside) 2 access-list PATIN outside
global (inside) 2 interface
HTH
Jon
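Added example, not part of the original posts: a simplified Python model (not PIX code) of the two translations described above, showing that the inside host sees every outside client as 192.168.1.1 and that only the firewall's translation table ties a connection back to the real client. The client addresses and the PAT port pool starting at 1024 are constructed.

```python
from itertools import count

OUTSIDE_IF = "172.16.1.1"  # PIX outside interface (from the thread)
INSIDE_IF = "192.168.1.1"  # PIX inside interface (from the thread)
WEB_HOST = "192.168.1.2"   # inside web host (from the thread)


class ReversePat:
    """Simplified model of the thread's translations; not PIX code."""

    def __init__(self):
        self._ports = count(1024)  # constructed PAT port pool
        self.by_client = {}        # (client ip, port) -> mapped port
        self.xlate = {}            # mapped port -> (client ip, port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Outside -> inside. Returns the packet the web host sees, or None."""
        # acl_outside: only tcp/80 to the outside interface is permitted.
        if (dst_ip, dst_port) != (OUTSIDE_IF, 80):
            return None
        key = (src_ip, src_port)
        if key not in self.by_client:
            mapped = next(self._ports)
            self.by_client[key] = mapped
            self.xlate[mapped] = key
        # static rewrites the destination; nat (outside) + global (inside)
        # rewrite the source to the inside interface address.
        return (INSIDE_IF, self.by_client[key], WEB_HOST, 80)

    def reply(self, src_ip, src_port, dst_ip, dst_port):
        """Inside -> outside reply. Both translations are undone."""
        client = self.xlate.get(dst_port)
        if (src_ip, src_port, dst_ip) != (WEB_HOST, 80, INSIDE_IF) or client is None:
            return None
        return (OUTSIDE_IF, 80, client[0], client[1])


def demo():
    pix = ReversePat()
    # Constructed clients from documentation address ranges.
    a = pix.inbound("203.0.113.10", 40000, OUTSIDE_IF, 80)
    b = pix.inbound("198.51.100.7", 40000, OUTSIDE_IF, 80)
    # Source IPs as the web host would log them: identical for both clients.
    seen_by_host = {a[0], b[0]}
    # Attribution needs the firewall's table, keyed by the mapped source port.
    real_clients = [pix.xlate[a[1]], pix.xlate[b[1]]]
    return a, b, seen_by_host, real_clients


if __name__ == "__main__":
    print(demo())
```

With this design the web server's access log cannot attribute a request on its own, so the firewall's translation and connection logs need to be retained alongside it.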
10-18-2007 08:25 AM
Thanks guys. I will give this a shot and let you know what happens.