Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

NAT incomming traffic

Hi,

I'm in the process of migration our network and would like to NAT the incomming traffic from the internet to the interface (or any local IP).

So far I have this config:

pix-rz# sh run nat

nat (outside) 5 access-list MIGRATION

nat (inside) 0 access-list 101

nat (inside) 2 SMTP 255.255.255.255

nat (inside) 1 Netz_Paragon 255.255.255.0

pix-rz# sh run global

global (outside) 1 interface

global (outside) 2 11.210.240.202

global (inside) 5 172.17.99.99

pix-rz# sh access-list MIGRATION

access-list MIGRATION; 2 elements

access-list MIGRATION line 1 extended permit ip any host 11.210.240.202 (hitcnt=0) 0x9b00c5d9

access-list MIGRATION line 2 extended permit ip any host Lotus_Notes_2 (hitcnt=0) 0xd255c279

pix-rz# sh run static

static (inside,outside) tcp 11.210.240.202 lotusnotes Lotus_Notes_2 lotusnotes netmask 255.255.255.255

I can't get the traffic from the internet to NAT to the 172.17.99.99.

Has anyone done anything like this? Tips, hints would be helpful. Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: NAT incomming traffic

Hi

Couple of things to change

1) nat (inside) 2 SMTP 255.255.255.255

global (outside) 2 11.210.240.202

should be change to

static (inside,outside) 11.210.240.202 SMTP netmask 255.255.255.255

This makes it a permanent static translation

2) nat (outside) 5 access-list MIGRATION

change to

nat (outside) 5 access-list MIGRATION outside

What you are trying to do is perfectly possible

HTH

Jon

1 REPLY
Hall of Fame Super Blue

Re: NAT incomming traffic

Hi

Couple of things to change

1) nat (inside) 2 SMTP 255.255.255.255

global (outside) 2 11.210.240.202

should be change to

static (inside,outside) 11.210.240.202 SMTP netmask 255.255.255.255

This makes it a permanent static translation

2) nat (outside) 5 access-list MIGRATION

change to

nat (outside) 5 access-list MIGRATION outside

What you are trying to do is perfectly possible

HTH

Jon

104
Views
0
Helpful
1
Replies
CreatePlease login to create content