02-21-2008 12:22 PM - edited 03-11-2019 05:06 AM
Hi,
Currently I running PAT in PIX (from inside to outside interface) , also I have some STATIC NAT, so the inside user can go to internet. Just like everybody's setting.
global (outside) 1 206.x.x.1 netmask 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 206.x.x.99 10.x.x.99 netmask 255.255.255.255 0 0
Now i also want a PAT in outside interface (from outside to inside interface), so the internet host visit a specific server also need translate to a inside private IP (10.x.x.100). Can I do that ??
access-list 100 permit ip any 10.x.x.99
global (inside) 1 10.x.x.100 netmask 255.255.255.0
nat (outside) 1 access-list 100
is any impact? or anything I need concern ?
Thanks
02-21-2008 01:38 PM
I figured out.
OK
02-22-2008 01:47 PM
What are you trying to accomplish here? This is absolutely not recommended from my point of view (at least how you stated you set it up).
02-25-2008 04:16 AM
Hi,
u already have a similar statement for internet users to access a server in your LAN.
static (inside,outside) 206.x.x.99 10.x.x.99 netmask 255.255.255.255
together with e.g.:
access-list outside permit tcp any host 206.x.x.99 eq www
Only the destination is translated (your server), but why would u translate the internet IP`s ?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: