cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
296
Views
0
Helpful
3
Replies

Many-to-One DNAT?

mdeguerre
Level 1
Level 1

Hypothetical situation -

net 10.10.10.0/24 routes to PIX 'outside' int

webserver on the 'inside' at 192.168.1.1

ACLs asside for the moment, is it possible to have any www traffic hitting the 'outside' interface forwarded towards 192.168.1.1?

Without keying up 255 'alias' entries that is.

3 Replies 3

palomoj
Level 1
Level 1

static (inside,outside) tcp interface 80 192.168.1.1 80 netmask 255.255.255.255

should take care of your requirement

Thanks for the quick reply but I think I miss-stated what I was going for. "any www traffic hitting the outside int" could have been put a bit more clearly.

Say the outside int ip is 172.16.1.1

Some arbitrary outside router directs 10.10.10.0/24 to 172.16.1.1

I'd like to be on the 'outside' and point my browser to http:\\10.10.10.x and have the PIX automagically show me content on that inside host - where "x" is anything on the subnet.

The static suggestion would work fine but only if I was after http:\\172.16.1.1

I believe you can only have a single one-to-one NAT for the internal 192.168.1.1 web server.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: