ASA NAT question

anasmomo
Level 1

Dear Sir,

I have a question regarding NAT on Cisco ASA firewall version 7.2

I want to add an ASA 5520 to my existing network; the purpose of this device is to perform only NAT for a server inside my network.

PIX 515 ------+
              +---- Cisco 6509 Switch
ASA 5520 -----+

The problem is that the default route in the Cisco 6509 is the PIX 515, and I will not be able to configure an additional default gateway to be the ASA 5520.

I am thinking of configuring NAT to translate the source of the traffic that is entering the ASA from the Internet to a private pool, so I can configure a static route to this pool in the 6509 switch.

So is it possible to do that?

In other words, the purpose of the NAT will be:

1) Allow the external users to access the server from the Internet (publish the server on a real IP)

2) Translate the source of the external users to an internal pool

6 Replies

anasmomo
Level 1

The network will be as follows:

PIX ---------+
             +-- 6509
ASA ---------+

I think your network is like this:

        ----Internet----
        |              |
       ASA            PIX
        |-----6509-----|
               |
             Server

Assuming the server's private IP is x.x.x.x and the public IP mapping is to y.y.y.y, you can apply the following commands on the ASA:

static (inside,outside) y.y.y.y x.x.x.10

access-list outin permit tcp any host y.y.y.y eq 80

access-group outin in interface outside

// Assuming that the inside server is a web server; otherwise change the ACL accordingly.

access-list nat-outside permit ip any host y.y.y.y

nat (outside) 10 access-list nat-outside outside

global (inside) 10 x.x.x.20

Now anyone trying to access the x.x.x.10 server through the ASA will get translated to x.x.x.20, and the replies will go back through the ASA. Hope this helps.

Regards,

Vibhor.

Thank you for your concern.

Assume the real server IP is 1.2.3.4,

server IP 172.16.1.10,

internal pool: 192.168.1.0/24.

Now I want that, when a user on the Internet tries to access the internal server, the source IP of the packets is translated to 192.168.1.0/24 when they enter the ASA, and the destination is translated to 172.16.1.10.

So in the 6509 I can configure a static route to 192.168.1.0/24 through the ASA.

The following will translate the server from its real IP of 1.2.3.4 to 172.16.1.10 on the outside interface.

static (inside,outside) 172.16.1.10 1.2.3.4

Outside users, when trying to access 172.16.1.10, will get translated to 192.168.1.0-254 addresses.

access-list nat-outside permit ip any host 172.16.1.10

nat (outside) 10 access-list nat-outside outside

global (inside) 10 192.168.1.1-192.168.1.253

global (inside) 10 192.168.1.254

HTH.

Regards,

Vibhor.
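A complete version of the two-step translation discussed in this thread, written out as an added example that is not part of any reply above. It uses the addresses the question defines (published address 1.2.3.4, server 172.16.1.10, pool 192.168.1.0/24) and assumes, for illustration only, that the ASA's inside interface is 172.16.0.2/24, that the 6509's routed interface facing it is 172.16.0.1, and that the test client is 203.0.113.5; the ACL and interface names are likewise assumptions. The syntax is the pre-8.3 form that ASA 7.2 uses.

```cisco
! --- ASA 5520, software 7.2 (pre-8.3 NAT syntax) ---
!
! 1) Publish the server: map 1.2.3.4 on outside to the real host 172.16.1.10 on inside.
!    Pre-8.3 argument order is: static (real_ifc,mapped_ifc) mapped_ip real_ip
static (inside,outside) 1.2.3.4 172.16.1.10 netmask 255.255.255.255
!
! 2) Admit only the service the server actually offers (HTTP assumed).
!    Pre-8.3 interface ACLs match the mapped (published) address, not the real one.
access-list outside_in extended permit tcp any host 1.2.3.4 eq 80
access-group outside_in in interface outside
!
! 3) Outside (policy) NAT: rewrite the Internet client's source to the
!    192.168.1.0/24 pool, but only for connections to the published address.
!    The trailing "outside" keyword on the nat line is what allows translation
!    of traffic that arrives on the lower-security interface.
access-list outside_nat extended permit ip any host 1.2.3.4
nat (outside) 10 access-list outside_nat outside
global (inside) 10 192.168.1.1-192.168.1.253 netmask 255.255.255.0
! PAT fallback once the dynamic pool (253 concurrent clients) is exhausted.
global (inside) 10 192.168.1.254 netmask 255.255.255.255
!
! 4) The ASA itself must know how to reach the server's subnet
!    (assumed: inside interface 172.16.0.2/24, 6509 SVI 172.16.0.1).
route inside 172.16.1.0 255.255.255.0 172.16.0.1 1
!
! 5) Verify on the ASA: simulate an Internet client (assumed 203.0.113.5)
!    hitting the published address; the trace should show both the static
!    and the outside NAT being applied. Then inspect the resulting xlates.
packet-tracer input outside tcp 203.0.113.5 40000 1.2.3.4 80
show xlate
show conn

! --- Cisco 6509 (IOS), the only change needed there ---
! Replies to 192.168.1.x must go back to the ASA, not follow the
! default route toward the PIX; this is the static route the question asks about.
ip route 192.168.1.0 255.255.255.0 172.16.0.2
```

The dynamic entries only appear once a client actually connects, so check `show xlate` while a test connection is open rather than right after entering the configuration. Two practical consequences of this design are worth noting: the server (and anything between the 6509 and the server) now sees a 192.168.1.x address instead of the client's real Internet address, so the server's own logs no longer identify who connected, and the ASA's connection syslogs (for example %ASA-6-302013, which records both the real and the mapped addresses of each connection) become the only place that attribution can be recovered from; and the static publishes 1.2.3.4 for every protocol, so it is the interface ACL, not the static, that limits exposure to the one service the server is meant to offer.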

Thank you Vibhor,

Is it secure to translate from outside to inside?

Regards

YW ..

->> Is it secure to translate from outside to inside?

Sure, not an issue.

Regards,

Vibhor.
