Help with Static NAT

Nov 16th, 2005
I have never dealt with PIX firewalls (I am fairly new in the field). I have a customer that has a 506E. I need to create a static NAT map on it. I have tried and tried with no success. Can you please give me some guidance (with ACLs and the NAT)?


Here is the info on the firewall:


eth0 (outside):

IP: OUR.PUB.LIC.IP

Subnet Mask: 255.255.255.240

Connected to the 1721 router


eth0 (inside):

IP:207.184.18.58

Subnet Mask: 255.255.255.192

Connected to the 2950 Switch


Attached is the running config.






sachinraja Wed, 11/16/2005 - 20:09

Matt,


Consider the server on the inside as 192.168.1.10 and the public IP as 200.200.200.2 (any free IP from the ISP). You need to configure the following:


static (inside,outside) 200.200.200.2 192.168.1.10 netmask 255.255.255.255


This creates a mapping on the NAT XLATE table of the PIX. Only if this entry is there on the firewall, traffic from outside can hit the server on the inside network... You also need to give the access-list to permit the required port from outside


access-list outside permit tcp any host 200.200.200.2 eq 80


This will allow HTTP access from outside to the host 200.200.200.2


Hope this helps.. all the best.. rate replies if found useful..


Raj

mattpociask Sat, 11/19/2005 - 09:08

Thanks for the reply. Would I then need to issue an Access-Group command to apply that ACL to an interface? Can you please show me what that command would look like?


Thanks.

s.elmrabet Sat, 11/19/2005 - 13:17

Hi


This is the command to add an access-group


access-group outside in interface outside



Best Regards
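
The three commands given in the replies above (static, access-list, access-group) only work when they agree with each other. As an added example that is not part of the original thread, this Python sketch audits a PIX 6.x-style config for statics that have no bound permit or are permitted on every port. The sample config and the names `take_addr` and `audit_static_nat` are constructed for illustration; deny lines and rule order are not modeled.

```python
import re

# Constructed sample config; only the first mapping follows the thread.
SAMPLE_CONFIG = """\
static (inside,outside) 200.200.200.2 192.168.1.10 netmask 255.255.255.255
static (inside,outside) 200.200.200.3 192.168.1.11 netmask 255.255.255.255
static (inside,outside) 200.200.200.4 192.168.1.12 netmask 255.255.255.255
access-list outside permit tcp any host 200.200.200.2 eq 80
access-list outside permit tcp any host 200.200.200.4
access-group outside in interface outside
"""

STATIC_RE = re.compile(r"static \((\w+),(\w+)\) (\S+) (\S+)")
ACL_RE = re.compile(r"access-list (\S+) permit (\S+) (.+)")
GROUP_RE = re.compile(r"access-group (\S+) in interface (\S+)")

def take_addr(tokens):
    """Split one address spec (any | host IP | IP MASK) off the token list."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    addr = tokens[1] if tokens[0] == "host" else " ".join(tokens[:2])
    return addr, tokens[2:]

def audit_static_nat(config):
    """Return {mapped_ip: finding} for every static line in the config."""
    statics, permits, bound = [], [], {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            statics.append((m[2], m[3]))      # (mapped interface, mapped IP)
        elif m := ACL_RE.match(line):
            # Skip the source spec, then read destination and port qualifier.
            dst, port = take_addr(take_addr(m[3].split())[1])
            permits.append((m[1], dst, " ".join(port)))
        elif m := GROUP_RE.match(line):
            bound[m[2]] = m[1]                # interface -> ACL name
    report = {}
    for iface, mapped_ip in statics:
        acl = bound.get(iface)
        ports = [p for name, dst, p in permits if name == acl and dst == mapped_ip]
        if acl is None:
            report[mapped_ip] = f"no access-group on {iface}"
        elif not ports:
            report[mapped_ip] = f"no permit in ACL '{acl}'"
        elif "" in ports:
            report[mapped_ip] = "permitted on ALL ports"
        else:
            report[mapped_ip] = "ok: " + ", ".join(ports)
    return report

print(audit_static_nat(SAMPLE_CONFIG))
```
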
