10-30-2007 12:33 PM - edited 03-09-2019 07:09 PM
Hypothetical situation -
net 10.10.10.0/24 routes to PIX 'outside' int
webserver on the 'inside' at 192.168.1.1
ACLs asside for the moment, is it possible to have any www traffic hitting the 'outside' interface forwarded towards 192.168.1.1?
Without keying up 255 'alias' entries that is.
10-30-2007 01:40 PM
static (inside,outside) tcp interface 80 192.168.1.1 80 netmask 255.255.255.255
should take care of your requirement
10-30-2007 02:21 PM
Thanks for the quick reply but I think I miss-stated what I was going for. "any www traffic hitting the outside int" could have been put a bit more clearly.
Say the outside int ip is 172.16.1.1
Some arbitrary outside router directs 10.10.10.0/24 to 172.16.1.1
I'd like to be on the 'outside' and point my browser to http:\\10.10.10.x and have the PIX automagically show me content on that inside host - where "x" is anything on the subnet.
The static suggestion would work fine but only if I was after http:\\172.16.1.1
10-30-2007 03:23 PM
I believe you can only have a single one-to-one NAT for the internal 192.168.1.1 web server.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: