01-05-2010 11:23 PM - edited 03-11-2019 09:54 AM
Hi,
Currently in our network we have done NAT on the Cisco router, where:
ip nat inside source static 10.86.6.251 XXX.90.XXX.1
The ACL is allowing a range of ports: 80, 1021 to 1281 from outside to inside.
ip nat inside source static tcp 10.86.6.251 5500 XXX.90.XXX.2 80
The ACL is allowing a range of ports: 80 from outside to inside.
Now that we are migrating to a PIX 515E,
we are not able to do the same. It says duplicate entry for 10.86.6.251 when we add a PAT entry after the one-to-one NAT entry.
Since the first NAT statement carries a range of ports, we are unable to break up the statement (or else we need to put in 250 NAT entries).
Kindly suggest any solution for static NAT of a range of ports, or some ideas.
Thanks in advance,
vinu
01-06-2010 03:27 AM
Hi Vinu
Am I right in saying that you want to assign a static NAT (using an IP from a block of your IPs) rather than port forward? If this is the case, then on the PIX you would enter a static NAT to an inside (private IP) and then apply an ACL on the outside interface allowing the ports.
E.g.:
Create the static:
1) static (inside,outside) public_ip 192.168.1.25 netmask 255.255.255.255
Create the ACL:
2) access-list acl_out permit tcp any host public_ip eq 80
Then apply the ACL to the outside interface:
3) access-group acl_out in interface outside
HTH
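An added example, not part of any reply in this thread: with a one-to-one static, the outside ACL is the only thing limiting which ports reach 10.86.6.251, so this Python sketch parses a PIX-style config and reports ports the ACL permits beyond the intended set (80 and 1021 to 1281) or fails to permit. The public address 203.0.113.1, the stray `eq 3389` rule and the function names are constructed for illustration, and only `permit tcp any host <ip> eq|range` entries are interpreted.

```python
import re

# Constructed sample for the thread's scenario. 203.0.113.1 is a placeholder
# public address and the "eq 3389" entry is a deliberately stray rule.
SAMPLE_CONFIG = """\
static (inside,outside) 203.0.113.1 10.86.6.251 netmask 255.255.255.255
access-list acl_out permit tcp any host 203.0.113.1 eq www
access-list acl_out permit tcp any host 203.0.113.1 range 1021 1281
access-list acl_out permit tcp any host 203.0.113.1 eq 3389
access-group acl_out in interface outside
"""
INTENDED = {80} | set(range(1021, 1282))  # ports named in the question

IP = r"(\d+\.\d+\.\d+\.\d+)"
STATIC_RE = re.compile(rf"static \(inside,outside\) {IP} {IP} netmask 255\.255\.255\.255")
GROUP_RE = re.compile(r"access-group (\S+) in interface outside")
ACE_RE = re.compile(rf"access-list (\S+) permit tcp any host {IP} "
                    r"(?:eq (\S+)|range (\S+) (\S+))$")
NAMED = {"www": 80, "https": 443, "smtp": 25, "ftp": 21}  # subset of port keywords

def to_port(token):
    return NAMED[token] if token in NAMED else int(token)

def audit(config, intended):
    """Return ({public_ip: (local_ip, extra_ports, missing_ports)}, unparsed_aces)."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    applied = {m.group(1) for l in lines if (m := GROUP_RE.match(l))}
    allowed, unparsed = {}, []
    for l in lines:
        if not l.startswith("access-list "):
            continue
        m = ACE_RE.match(l)
        if m is None:
            unparsed.append(l)       # other entry forms: review these by hand
        elif m.group(1) in applied:  # only ACLs bound to the outside interface count
            lo = to_port(m.group(3) or m.group(4))
            hi = to_port(m.group(3) or m.group(5))
            allowed.setdefault(m.group(2), set()).update(range(lo, hi + 1))
    report = {}
    for l in lines:
        if (m := STATIC_RE.match(l)):  # one-to-one statics only, not static PAT
            pub, local = m.groups()
            open_ports = allowed.get(pub, set())
            report[pub] = (local, sorted(open_ports - intended),
                           sorted(intended - open_ports))
    return report, unparsed

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, INTENDED))
```

Any line returned in the unparsed list (for example a `permit ip` entry) is not reflected in the port sets and needs a manual check.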
01-06-2010 08:59 AM
Hi Vinoth,
Check out the link below for configuration of NAT. Hope that helps with your query!
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/bafwcfg.html#wp1112434
Regards
Ganesh.H