cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
278
Views
0
Helpful
3
Replies

PAT on PIX outside interface ???

rico_hao40
Level 1
Level 1

Hi,

Currently I running PAT in PIX (from inside to outside interface) , also I have some STATIC NAT, so the inside user can go to internet. Just like everybody's setting.

global (outside) 1 206.x.x.1 netmask 255.255.255.0

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) 206.x.x.99 10.x.x.99 netmask 255.255.255.255 0 0

Now i also want a PAT in outside interface (from outside to inside interface), so the internet host visit a specific server also need translate to a inside private IP (10.x.x.100). Can I do that ??

access-list 100 permit ip any 10.x.x.99

global (inside) 1 10.x.x.100 netmask 255.255.255.0

nat (outside) 1 access-list 100

is any impact? or anything I need concern ?

Thanks

3 Replies 3

rico_hao40
Level 1
Level 1

I figured out.

OK

What are you trying to accomplish here? This is absolutely not recommended from my point of view (at least how you stated you set it up).

gadpharns
Level 1
Level 1

Hi,

u already have a similar statement for internet users to access a server in your LAN.

static (inside,outside) 206.x.x.99 10.x.x.99 netmask 255.255.255.255

together with e.g.:

access-list outside permit tcp any host 206.x.x.99 eq www

Only the destination is translated (your server), but why would u translate the internet IP`s ?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: