NATing Question

Unanswered Question
Jan 26th, 2010
User Badges:

I created a one-to-one NAT statement but when I try to ping the public ip address from the outside, it won't responde. Here is the NAT statement. Any assistance would be greatly apprecaited.


nat(inside) 0 access-list nonat

nat(inside) 1 0.0.0.0 0.0.0.0.0

static (inside,outside) 12.200.199.120 172.17.100.101 netmask 255.255.255.255
static (inside,outside) 12.200.199.121 172.17.100.102 netmask 255.255.255.255

static (inside,outside) 12.200.199.122 172.17.100.103 netmask 255.255.255.255

access-group outside_access_in in interface outside


Thanks,

sK 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ganesh Hariharan Wed, 01/27/2010 - 00:57
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016

I created a one-to-one NAT statement but when I try to ping the public ip address from the outside, it won't responde. Here is the NAT statement. Any assistance would be greatly apprecaited.


nat(inside) 0 access-list nonat

nat(inside) 1 0.0.0.0 0.0.0.0.0

static (inside,outside) 12.200.199.120 172.17.100.101 netmask 255.255.255.255
static (inside,outside) 12.200.199.121 172.17.100.102 netmask 255.255.255.255

static (inside,outside) 12.200.199.122 172.17.100.103 netmask 255.255.255.255

access-group outside_access_in in interface outside


Thanks,

sK 

Hi Sk,


Check out the below link on nat configuuration on PIX firewall hope to help


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800b6e1a.shtml


Ganesh.H

Kureli Sankar Wed, 01/27/2010 - 06:25
User Badges:
  • Cisco Employee,

What is in the nonat acl?

Could you pls. paste the contents?


-KS

vilaxmi Thu, 01/28/2010 - 07:57
User Badges:
  • Cisco Employee,

Hello,


Remeber NAT EXEMPT (nonat) takes higher precedence over static NAT and also nonat with ACL (on HIgher security-level ifc)

is bidirectional.


Keeping that in mind, go ahead and check your nonat access-lists, an if they happen to include the interesting tarffic, then your public IPs WILL NOT repond.  Remove inetresting traffic from nonat ACL, and then your static NAT will take preference, allowing access for users from outside to the servers on inside.



HTH


Vijaya

Actions

This Discussion