Does anybody know if I can configure our PIX to have two NAT's for the same host? Basically our PIX is setup with one inside interface, one server interface, and one ourside interface. I currently have a static nat for the server so that when you go to the public address from the inside interface it translates to the servers real IP. I also need to be able to get to the servers real IP address from the inside interface while still being able to get to the server via it's public address from the inside interface. Here are some portions of the configuration;
access-list acl_out extended permit tcp any host XXX.XXX.XXX.147 object-group http-https
access-list dmz2outside extended permit tcp any host XXX.XXX.XXX.147 object-group http-htts
access-list inside2outside extended permit tcp any host XXX.XXX.XXX.147 object-group http-https
static (dmz,outside) XXX.XXX.XXX.147 LB1_10.107.252.10 netmask 255.255.255.255 dns
static (dmz,inside) XXX.XXX.XXX.147 LB1_10.107.252.10 netmask 255.255.255.255
I think I need to try to add something like;
static (dmz,inside) LB1_10.107.252.10 LB1_10.107.252.10 netmask 255.255.255.255
but the PIX will not let me add that to the configuration stating that the other static rule exists. I don't believe that we can do what we are trying to accomplish here but I just wanted to see if anyone knows for sure.
Thanks,
Matt