Cisco Support Community

FWSM & PAT & static NAT & port forwarding problem

Hi!

On our FWSM there is PAT for about 500 hosts. The DNS server should have a static NAT, and some servers should have port forwarding. I set those up, but the DNS server and the other servers can be accessed only from VLAN60. The offices' PAT works fine, but I can't access the mapped IP from other VLANs.

VLAN60 : 13.25.60.0/22

VLAN518: 172.18.0.0/16

IP of DNS server: 172.18.255.2 (should have 13.25.60.1)

IP of server1: 172.18.250.1

IPs of Offices: 172.18.0.1-172.18.2.254

Mapped IP: 13.25.60.239

FWSM conf. part. example:

nameif vlan60 outside security1

nameif vlan518 offices security51

access-list NAT extended permit ip any any

access-list static1 extended permit tcp any host 13.25.60.239

access-list static1 extended permit ip any host 13.25.60.1

ip address outside 13.25.63.244 255.255.252.0

ip address offices 172.18.255.254 255.255.0.0

global (outside) 1 13.25.60.2

global (outside) 2 13.25.60.3

global (outside) 3 13.25.60.4

nat (offices) 1 172.18.0.0 255.255.255.0 tcp 0 120

nat (offices) 2 172.18.1.0 255.255.255.0 tcp 0 120

nat (offices) 3 172.18.2.0 255.255.255.0 tcp 0 120

static (offices,outside) 13.25.60.1 172.18.255.2 netmask 255.255.255.255

static (offices,outside) tcp 13.25.60.239 22 172.18.250.1 22 netmask 255.255.255.255

access-group static1 in interface outside

access-group NAT in interface offices

route outside 0.0.0.0 0.0.0.0 13.25.63.254 1

1 REPLY

Re: FWSM & PAT & static NAT & port forwarding problem

Hi!

I added this to the config:

global (outside) 13 13.25.60.239

nat (offices) 13 172.18.250.0 255.255.255.0 tcp 0 120

static (offices,outside) tcp 13.25.60.239 ssh 172.18.250.1 ssh netmask 255.255.255.255

static (offices,outside) tcp 13.25.60.239 44444 172.18.250.1 44444 netmask 255.255.255.255

Now, I can access the backup server of offices from everywhere I would like, and the internet works on the server too.

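An added example, not part of either post: a Python check over the `global`, `nat` and `static` lines quoted in the thread that lists inside hosts which have only port-specific `static` entries and fall outside every `nat` range that has a `global` pool. The function name and the pairing rule (a `nat` range counts only when a `global` with the same NAT ID exists) are assumptions of this example.

```python
import ipaddress
import re

# Lines copied from the question; the reply's additions follow in REPLY_CFG.
QUESTION_CFG = """\
global (outside) 1 13.25.60.2
global (outside) 2 13.25.60.3
global (outside) 3 13.25.60.4
nat (offices) 1 172.18.0.0 255.255.255.0 tcp 0 120
nat (offices) 2 172.18.1.0 255.255.255.0 tcp 0 120
nat (offices) 3 172.18.2.0 255.255.255.0 tcp 0 120
static (offices,outside) 13.25.60.1 172.18.255.2 netmask 255.255.255.255
static (offices,outside) tcp 13.25.60.239 22 172.18.250.1 22 netmask 255.255.255.255
"""
REPLY_CFG = QUESTION_CFG + """\
global (outside) 13 13.25.60.239
nat (offices) 13 172.18.250.0 255.255.255.0 tcp 0 120
static (offices,outside) tcp 13.25.60.239 ssh 172.18.250.1 ssh netmask 255.255.255.255
static (offices,outside) tcp 13.25.60.239 44444 172.18.250.1 44444 netmask 255.255.255.255
"""

GLOBAL_RE = re.compile(r"global \(\S+\) (\d+) ")
NAT_RE = re.compile(r"nat \((\S+)\) (\d+) (\S+) (\S+)")
# static (real_if,mapped_if) tcp|udp mapped_ip mapped_port real_ip real_port ...
PORT_STATIC_RE = re.compile(r"static \((\S+),\S+\) (?:tcp|udp) \S+ \S+ (\S+) \S+")
# static (real_if,mapped_if) mapped_ip real_ip ...
FULL_STATIC_RE = re.compile(r"static \((\S+),\S+\) \d\S* (\d\S*)")

def port_only_hosts_without_nat(cfg):
    """Real IPs that have only port-specific statics and no nat/global pair."""
    global_ids, nats, port_hosts, full_hosts = set(), [], set(), set()
    for line in map(str.strip, cfg.splitlines()):
        if m := GLOBAL_RE.match(line):
            global_ids.add(m.group(1))
        elif m := NAT_RE.match(line):
            net = ipaddress.ip_network(f"{m.group(3)}/{m.group(4)}")
            nats.append((m.group(1), m.group(2), net))
        elif m := PORT_STATIC_RE.match(line):
            port_hosts.add((m.group(1), ipaddress.ip_address(m.group(2))))
        elif m := FULL_STATIC_RE.match(line):
            full_hosts.add((m.group(1), ipaddress.ip_address(m.group(2))))
    uncovered = []
    for iface, host in sorted(port_hosts - full_hosts):
        covered = any(i == iface and nid in global_ids and host in net
                      for i, nid, net in nats)
        if not covered:
            uncovered.append(str(host))
    return uncovered
```

Against the question's lines the function returns `172.18.250.1`; with the reply's `global`/`nat` 13 pair added it returns an empty list.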