Nating with PIX 515

Unanswered Question
Jul 20th, 2010
User Badges:


We have an issue with a 515 PIX.  Here is the situation:

1) Users use a client/server application that is remotely located.  The local network at site 1 where the users are located uses private addressing 192.168.x.x and NAT to the exterior with the 515 to a IP of a private WAN in the 10.x.x.x

2) The remote server is at let's say, so the nat is done at the 515 on the source address

3) This application have a backup server located INSIDE site 1.  Therefore, the users always uses the foreign address and the network at site 1 have to nat this adresse to an INSIDE address in the 192.168.x.x. to the backup server.

How do you do that?  Nating the destination address to redirect the traffic to internal?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
bknoblau Tue, 07/20/2010 - 13:36
User Badges:


If I understand you correctly, you are wishing to add a rule on the firewall so that if users on the inside try to access the foreign IP address of the backup server ( they will be redirected back out the inside to the real IP of the server 192.168.x.x.  This can be done by using a configuration called "Hairpinning".  Add the following commands for this translation to occur:

global (inside) 1 interface

static (inside,inside) 192.168.x.x

same-security-traffic permit intra-interface

For more information about this setup, the following link is to a document that describes "hairpinning" and the configuration in more detail.




This Discussion

Related Content