PAT on PIX outside interface ???

Unanswered Question
Feb 21st, 2008
User Badges:

Hi,

Currently I running PAT in PIX (from inside to outside interface) , also I have some STATIC NAT, so the inside user can go to internet. Just like everybody's setting.

global (outside) 1 206.x.x.1 netmask 255.255.255.0

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) 206.x.x.99 10.x.x.99 netmask 255.255.255.255 0 0


Now i also want a PAT in outside interface (from outside to inside interface), so the internet host visit a specific server also need translate to a inside private IP (10.x.x.100). Can I do that ??


access-list 100 permit ip any 10.x.x.99

global (inside) 1 10.x.x.100 netmask 255.255.255.0

nat (outside) 1 access-list 100


is any impact? or anything I need concern ?


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
gadpharns Mon, 02/25/2008 - 04:16
User Badges:

Hi,

u already have a similar statement for internet users to access a server in your LAN.


static (inside,outside) 206.x.x.99 10.x.x.99 netmask 255.255.255.255

together with e.g.:

access-list outside permit tcp any host 206.x.x.99 eq www


Only the destination is translated (your server), but why would u translate the internet IP`s ?

Actions

This Discussion