
Help with Static NAT

mattpociask
Level 1

I have never dealt with PIX firewalls (I am fairly new in the field). I have a customer that has a 506E. I need to create a static NAT map on it. I have tried and tried with no success. Can you please give me some guidance (with ACLs and the NAT)?

Here is the info on the firewall:

eth0 (outside):

IP: OUR.PUB.LIC.IP

Subnet Mask: 255.255.255.240

Connected to the 1721 router

eth0 (inside):

IP: 207.184.18.58

Subnet Mask: 255.255.255.192

Connected to the 2950 Switch

Attached is the running config.

3 Replies

sachinraja
Level 9

Matt,

Consider the server on the inside as 192.168.1.10 and the public IP as 200.200.200.2 (any free IP from the ISP). You need to configure the following:

static (inside,outside) 200.200.200.2 192.168.1.10 netmask 255.255.255.255

This creates a mapping on the NAT XLATE table of the PIX. Only if this entry is there on the firewall, traffic from outside can hit the server on the inside network... You also need to give the access-list to permit the required port from outside

access-list outside permit tcp any host 200.200.200.2 eq 80

This will allow HTTP access from outside to the host 200.200.200.2

Hope this helps.. all the best.. rate replies if found useful..

Raj

Thanks for the reply. Would I then need to issue an Access-Group command to apply that ACL to an interface? Can you please show me what that command would look like?

Thanks.

Hi

This is the command to add an access-group

access-group outside in interface outside

Best Regards
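
The three steps in this thread (static mapping, access-list entry, access-group binding) can be checked together. The following is an added example, not code from any reply here: a Python check that reads PIX config text and reports, for each static mapping, what the ACL bound to the mapped interface permits to that address. The sample config is constructed from the addresses in the reply above; the function name `audit` and the restriction to `permit ... any host <ip>` entries are assumptions of this example.

```python
import re

# Constructed sample: the thread's commands plus one static with no ACL entry.
SAMPLE = """\
static (inside,outside) 200.200.200.2 192.168.1.10 netmask 255.255.255.255
static (inside,outside) 200.200.200.3 192.168.1.11 netmask 255.255.255.255
access-list outside permit tcp any host 200.200.200.2 eq 80
access-group outside in interface outside
"""

# PIX order is: static (real_if,mapped_if) mapped_ip real_ip
STATIC = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+)")
# Assumption: only "permit <proto> any host <ip> [eq <port>]" entries are parsed.
ACE = re.compile(r"^access-list (\S+) permit (\w+) any host (\S+)(?: eq (\S+))?")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)")


def audit(config):
    """Return one record per static mapping: the ACL bound inbound on the
    mapped interface (None if unbound) and what it permits to the mapped IP."""
    statics, aces, bound = [], [], {}
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC.match(line):
            statics.append(m.groups())   # (real_if, mapped_if, mapped_ip, real_ip)
        elif m := ACE.match(line):
            aces.append(m.groups())      # (acl, proto, dst_ip, port or None)
        elif m := GROUP.match(line):
            bound[m.group(2)] = m.group(1)   # interface -> ACL name
    report = []
    for real_if, mapped_if, mapped_ip, real_ip in statics:
        acl = bound.get(mapped_if)
        permits = [f"{proto}/{port or 'any'}"
                   for name, proto, dst, port in aces
                   if name == acl and dst == mapped_ip]
        report.append({"mapped": mapped_ip, "real": real_ip,
                       "acl": acl, "permits": permits})
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

A mapping with an empty `permits` list is translated but unreachable from outside; a mapping whose `acl` is `None` has an access-list that was never applied with access-group.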
