10-16-2007 01:15 PM - edited 03-11-2019 04:26 AM
I have a host using a private internal IP that will only talk to machines on the same private IP. I need to have public IPs talk to this machine. I have a PIX that uses the same private IP subnet on its inside interface. What I would like to do is a PAT/overload scenario in reverse where multiple outside hosts will talk to the inside host using one IP from the private subnet. I think I have seen this mentioned somewhere but can't find it. One caveat is that the PIX must also do PAT/overload for internal hosts going out to the Internet at the same time. Is this possible?
Thanks,
Diego
10-16-2007 03:47 PM
Diego,
You can do this with static, NAT and ACL to address both requirements.
Here's a configuration example that you can use to build your configuration.
Inside Web Host that needs to be accessed from Outside: 192.168.1.2
int e0
nameif outside
security-level 0
ip add 172.16.1.1 255.255.255.0
int e1
nameif inside
security-level 100
ip add 192.168.1.1 255.255.255.0
access-list acl_outside permit tcp any host 172.16.1.1 eq www
access-group acl_outside in interface outside
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface
static (inside,outside) tcp interface www 192.168.1.2 www netmask 255.255.255.255
HTH
Sundar
10-16-2007 07:41 PM
Hi Diego
Sundar has covered most of this, but to PAT all outside addresses:
access-list PATIN permit ip any host 172.16.1.1
(Note: I'm using Sundar's IP addressing, and you might want to tie access down to the particular tcp/udp ports.)
nat (outside) 2 access-list PATIN outside
global (inside) 2 interface
HTH
Jon
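A small Python model of the two translations described in the replies above (the port redirect to 192.168.1.2 and the outside-source PAT onto the inside interface), added here as an illustration and not code from any poster. It shows that the inside host sees every client as 192.168.1.1, so only the firewall's translation table can tie a connection back to the real client. The interface and host addresses are from the thread; the client addresses, the sequential port allocator and all class and function names are assumptions.

```python
from dataclasses import dataclass, field

OUTSIDE_IF = "172.16.1.1"   # PIX outside interface (from the thread)
INSIDE_IF = "192.168.1.1"   # PIX inside interface (from the thread)
WEB_HOST = "192.168.1.2"    # inside web host (from the thread)


@dataclass
class ReversePat:
    """Toy translation table: static port redirect + PAT of outside sources."""
    next_port: int = 1024                        # assumption: sequential allocator
    xlate: dict = field(default_factory=dict)    # (client_ip, client_port) -> PAT port
    reverse: dict = field(default_factory=dict)  # PAT port -> (client_ip, client_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate an outside->inside packet; None means the ACL drops it."""
        if (dst_ip, dst_port) != (OUTSIDE_IF, 80):   # acl_outside permits www only
            return None
        key = (src_ip, src_port)
        if key not in self.xlate:
            self.xlate[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        # Destination rewritten by the static, source rewritten by the outside PAT.
        return (INSIDE_IF, self.xlate[key], WEB_HOST, 80)

    def reply(self, src_ip, src_port, dst_ip, dst_port):
        """Untranslate the web host's reply; None if no matching translation."""
        key = self.reverse.get(dst_port)
        if (src_ip, src_port, dst_ip) != (WEB_HOST, 80, INSIDE_IF) or key is None:
            return None
        return (OUTSIDE_IF, 80, key[0], key[1])


def server_log_sources(pat, clients):
    """Source addresses the web host would record for the given clients."""
    return {pat.inbound(ip, port, OUTSIDE_IF, 80)[0] for ip, port in clients}


if __name__ == "__main__":
    pat = ReversePat()
    clients = [("198.51.100.10", 40000), ("203.0.113.5", 40000)]  # constructed
    for ip, port in clients:
        print((ip, port), "->", pat.inbound(ip, port, OUTSIDE_IF, 80))
    print("web host sees sources:", server_log_sources(pat, clients))
```

Because the web host's own logs carry only the firewall's inside address, client attribution depends on keeping the firewall's translation or connection logs.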
10-18-2007 08:25 AM
Thanks guys. I will give this a shot and let you know what happens.