Solved: Pix 515 E routing

wgranada1 · ‎06-29-2010

I have pix 515E that a proxy server hits to go out to the internet. The issue Pix I have it set up that anything on the

192.168.5.0/24 subnet gets NATTed to the public IP of 38.125.160.200 and all works find and all. The proxy server's

IP address is 192.168.5.8. The issue that I found out was that on the inboud side found out that there is a static

NAT

static (inside,outside) 64.77.50.24 192.168.5.8 dns netmask 255.255.255.255

which causes our back ups to not work cause the third party is expecting a 38.125.160.200 but instead they see

this 64.77.50.24. The simple solution is to get ride of that static but I was told that will screw up in bound connections

going to the Proxy server. Is there any way that I can say anything

coming from the 192.168.5.8 address going outbond will be natted to the public IP of 38.125.160.200

and the inbound will remain as is:

static (inside,outside) 64.77.50.24 192.168.5.8 dns netmask 255.255.255.255

Thank you in advance for your help!!!

Kureli Sankar · ‎06-29-2010

Yes. you can accomplish this but not with what you have already configured.

If you change this 1-1 static for inbound for specific tcp or udp ports

static (inside,outside) tcp 64.77.50.24 8080 192.168.5.8 8080 netmask 255.255.255.255

then you can add

nat (inside) 100 192.168.5.8 255.255.255.255

global (outside) 100 38.125.160.200

This will make the host 192.168.5.8 look like 38.125.160.200 for outbound and for inbound 64.77.50.24 will work.

-KS

Kureli Sankar · ‎06-29-2010