Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
309
Views
0
Helpful
3
Replies

Many-to-One DNAT?

mdeguerre
Level 1
Level 1

‎10-30-2007 12:33 PM - edited ‎03-09-2019 07:09 PM

Hypothetical situation -

net 10.10.10.0/24 routes to PIX 'outside' int

webserver on the 'inside' at 192.168.1.1

ACLs asside for the moment, is it possible to have any www traffic hitting the 'outside' interface forwarded towards 192.168.1.1?

Without keying up 255 'alias' entries that is.

Labels:
0 Helpful
3 Replies 3

palomoj
Level 1
Level 1

‎10-30-2007 01:40 PM

static (inside,outside) tcp interface 80 192.168.1.1 80 netmask 255.255.255.255

should take care of your requirement

0 Helpful

mdeguerre
Level 1
Level 1
In response to palomoj

‎10-30-2007 02:21 PM

Thanks for the quick reply but I think I miss-stated what I was going for. "any www traffic hitting the outside int" could have been put a bit more clearly.

Say the outside int ip is 172.16.1.1

Some arbitrary outside router directs 10.10.10.0/24 to 172.16.1.1

I'd like to be on the 'outside' and point my browser to http:\\10.10.10.x and have the PIX automagically show me content on that inside host - where "x" is anything on the subnet.

The static suggestion would work fine but only if I was after http:\\172.16.1.1

0 Helpful

palomoj
Level 1
Level 1
In response to mdeguerre

‎10-30-2007 03:23 PM

I believe you can only have a single one-to-one NAT for the internal 192.168.1.1 web server.

0 Helpful
Customers Also Viewed These Support Documents