PIX Static NAT

Unanswered Question
Jan 5th, 2010


Currently in our network we have done NAT on the Cisco router, where

ip nat inside source static XXX.90.XXX.1

The ACL allows a range of ports (80, 1021 to 1281) from outside to inside.

ip nat inside source static tcp 5500 XXX.90.XXX.2 80

The ACL allows port 80 from outside to inside.

Now that we are migrating to a PIX 515E,

we are not able to do the same. It says duplicate entry when we add the PAT entry after the one-to-one NAT entry.

Since the first NAT statement carries a range of ports, we are unable to break up the statement (or else we would need to add 250 NAT entries).

Kindly suggest any solution for static NAT of a range of ports, or some ideas.

Thanks in advance.


solpandor Wed, 01/06/2010 - 03:27

Hi Vinu,

Am I right in saying that you want to assign a static NAT (using an IP from a block of your IPs) rather than port forward? If this is the case, then on the PIX you would enter a static NAT to an inside (private) IP and then apply an ACL on the outside interface allowing the ports.


Create the static:

1) static (inside,outside) public_ip private_ip netmask 255.255.255.255

Create the ACL:

2) access-list acl_out permit tcp any host public_ip eq 80

Then apply the ACL to the outside interface:

3) access-group acl_out in interface outside
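
The three steps above, written out for the port set in the question (80 and 1021 to 1281), as an added example that is not part of either post. The addresses are constructed placeholders: 192.0.2.10 stands for the public IP and 10.1.1.10 for the inside host. The point is that the port range lives in the ACL, not in the NAT statement, so one static and two ACL lines replace the 250 per-port entries.

```text
: Constructed addresses (assumptions, not from the thread):
:   192.0.2.10 = public (mapped) IP, 10.1.1.10 = inside (real) IP

: 1) One-to-one static NAT for the host; no ports are named here
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255

: 2) The ACL carries the port restriction, one line per contiguous range
access-list acl_out permit tcp any host 192.0.2.10 eq 80
access-list acl_out permit tcp any host 192.0.2.10 range 1021 1281

: 3) Bind the ACL inbound on the outside interface
access-group acl_out in interface outside
```

The ACL ends with an implicit deny, so every other port on the mapped address stays closed from the outside. `show xlate` and `show access-list acl_out` confirm the translation and show per-line hit counts.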


