Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

FWSM & PAT & static NAT & port forwarding problem


On our FWSM there are some PAT about ~500 hosts. The DNS server should have a static NAT, some servers should have some port forwarding. I set those but DNS server & other servers can access only from VLAN60. Offices's PAT is work fine but I can't access mapped IP from other VLANs.

VLAN60 :


IP of DNS server: (should have

IP of server1:

IPs of Offices:

Mapped IP:

FWSM conf. part. example:

nameif vlan60 outside security1

nameif vlan518 offices security51

access-list NAT extended permit ip any any

access-list static1 extended permit tcp any host

access-list static1 extended permit ip any host

ip address outside

ip address offices

global (outside) 1

global (outside) 2

global (outside) 3

nat (offices) 1 tcp 0 120

nat (offices) 2 tcp 0 120

nat (offices) 3 tcp 0 120

static (offices,outside) netmask

static (offices,outside) tcp 22 22 netmask

access-group static1 in interface outside

access-group NAT in interface offices

route outside 1

New Member

Re: FWSM & PAT & static NAT & port forwarding problem


I added this to config:

global (outside) 13

nat (offices) 13 tcp 0 120

static (offices,outside) tcp ssh ssh netmask

static (offices,outside) tcp 44444 44444 netmask

Now, I can access the backup server of offices from everywhere I would like, and the internet works on the server too.