New Member

FWSM NAT question

I have a question about natting on the FWSM. We want to move a few servers to an outside VLAN but we also want to still be able to hit them using the old inside IPs. Here's the basic setup:

interface Vlan80
 nameif outside
 security-level 50
 ip address 172.16.1.254 255.255.255.0 standby 172.16.1.253
!
interface Vlan91
 nameif outside-servers
 security-level 55
 ip address 172.16.2.254 255.255.255.0 standby 172.16.2.253
!
interface Vlan100
 nameif inside
 security-level 100
 ip address 10.10.3.254 255.255.255.0 standby 10.10.3.253

The inside vlan the servers were on is 192.168.20.x/24.

Old IP: 192.168.20.100

New IP: 172.16.2.100

I'm assuming I'm going to have to set up a static nat and route that host on the 6509 to 10.10.3.254?

5 REPLIES
Gold

Re: FWSM NAT question

How about changing the order of a static NAT entry? Instead of (inside,outside), change it to (outside,inside)...

or in your case:

static (outside-servers,inside) 192.168.20.100 172.16.2.2

as well as the proper static route.

New Member

Re: FWSM NAT question

That didn't work... I keep getting a no translation error on the PIX log when I try to connect to it... and when I do a show xlate I'm not seeing 192.168.20.100 at all (or the 172.16.2.2)...

New Member

Re: FWSM NAT question

Any ideas?

Green

Re: FWSM NAT question

I think he meant...

static (outside-servers,inside) 192.168.20.100 172.16.2.100

Did you try that as well? That is called Destination NAT and should do the trick.

New Member

Re: FWSM NAT question

Pretty sure I did and it didn't work either...but I'll give it another shot...
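Added example, not part of any poster's reply: a small Python check of the static lines suggested in the thread against the interface addresses from the original post. It assumes the FWSM argument order `static (real_ifc,mapped_ifc) mapped_ip real_ip`; the function names and the embedded config are constructed for illustration.

```python
import ipaddress
import re

# Constructed from the interface and static lines quoted in the thread.
CONFIG = """\
interface Vlan91
 nameif outside-servers
 ip address 172.16.2.254 255.255.255.0 standby 172.16.2.253
interface Vlan100
 nameif inside
 ip address 10.10.3.254 255.255.255.0 standby 10.10.3.253
static (outside-servers,inside) 192.168.20.100 172.16.2.100
"""

# Assumed syntax: static (real_ifc,mapped_ifc) mapped_ip real_ip
STATIC_RE = re.compile(r"^static \((\S+?),(\S+?)\) (\S+) (\S+)")

def parse_interfaces(text):
    """Return {nameif: ip_interface} for each named interface."""
    ifaces, name = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("nameif "):
            name = line.split()[1]
        elif line.startswith("ip address ") and name:
            _, _, ip, mask = line.split()[:4]
            ifaces[name] = ipaddress.ip_interface(f"{ip}/{mask}")
            name = None
    return ifaces

def check_static(line, ifaces):
    """Check one static line against the connected networks."""
    m = STATIC_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a static line: {line!r}")
    real_if, mapped_if, mapped_ip, real_ip = m.groups()
    mapped = ifaces[mapped_if]
    return {
        "real_if": real_if,
        "mapped_if": mapped_if,
        # The real host must sit on the network behind the real interface.
        "real_on_link": ipaddress.ip_address(real_ip) in ifaces[real_if].network,
        # If False, the router behind mapped_if needs a route to mapped_ip.
        "mapped_on_link": ipaddress.ip_address(mapped_ip) in mapped.network,
        "route_mapped_ip_to": str(mapped.ip),
    }

def analyze(config=CONFIG):
    ifaces = parse_interfaces(config)
    return [check_static(l, ifaces) for l in config.splitlines()
            if l.startswith("static ")]
```

For the thread's line, `mapped_on_link` is False: 192.168.20.100 is not in the inside interface's 10.10.3.0/24 network, so the static only helps if the device behind `inside` routes that host to 10.10.3.254, as the original post supposed.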
