Solved: Re: fwsm static nat/pat

Antonio_1_2 · ‎10-05-2010

Hello,

is it possible to have on FWSM configuration like this:

static (inside,outside) 10.0.0.0 10.0.0.0 netmask 255.255.255.0

static (inside,outside) tcp 10.0.0.100 80 10.0.0.100 8080 netmask 255.255.255.255

On outside interface i have clients in network 172.16.0.0/24 that need to connect to various servers in inside network 10.0.0.0/24 network

Particulary server 10.0.0.100 listens on port 8080, but clients connect to 10.0.0.100 port 80, so I need port translation.

I have this configuration on my firewall but it doesn't work.

Regards,

A.

mirober2 · ‎10-05-2010

Hi Antonio,

Yes, it is possible. The FWSM should use the best match, which in your case would be the static PAT statement.

Do you also have access permitted in the inbound ACL on the outside interface? What do the syslogs show when a client tries to connect?

-Mike

mirober2 · ‎10-05-2010

Hi Antonio,

Yes, it is possible. The FWSM should use the best match, which in your case would be the static PAT statement.

Do you also have access permitted in the inbound ACL on the outside interface? What do the syslogs show when a client tries to connect?

-Mike

Antonio_1_2 · ‎10-05-2010

Hi Mike,

thank you very much. I gave up too soon and didn't check access-list.

Regards,

A