PAT on PIX outside interface ???

Unanswered Question
Feb 21st, 2008
User Badges:


Currently I running PAT in PIX (from inside to outside interface) , also I have some STATIC NAT, so the inside user can go to internet. Just like everybody's setting.

global (outside) 1 206.x.x.1 netmask

nat (inside) 1 0 0

static (inside,outside) 206.x.x.99 10.x.x.99 netmask 0 0

Now i also want a PAT in outside interface (from outside to inside interface), so the internet host visit a specific server also need translate to a inside private IP (10.x.x.100). Can I do that ??

access-list 100 permit ip any 10.x.x.99

global (inside) 1 10.x.x.100 netmask

nat (outside) 1 access-list 100

is any impact? or anything I need concern ?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
gadpharns Mon, 02/25/2008 - 04:16
User Badges:


u already have a similar statement for internet users to access a server in your LAN.

static (inside,outside) 206.x.x.99 10.x.x.99 netmask

together with e.g.:

access-list outside permit tcp any host 206.x.x.99 eq www

Only the destination is translated (your server), but why would u translate the internet IP`s ?


This Discussion