Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

NAT Trouble

Hi, I want to ask to more experimented network admisnitrators about a problem that I am experimenting and I don't know how to solve:

I have a PIX 515E running 6.3(4) IOS and there are 2 networks configured on it:

Outside /24 (security level 0) and Inside /24 (security level 100).

I used without problems the Static command for mappings from Outside to Inside, using a "virtual IP" in the Outside interface for accesing a host located on the Inside LAN.

Now I need to do the same but in the other direction. I need to use a "virtual IP" in the Inside interface for accessing a host located on the Outside network.

IE: --> NAT --> Works O.K. --> NAT --> I need this mapping

Is it possible to do this running this version of IOS? How can I make this NAT mapping work? I tried a lot of things but no one worked, and I don't know where to find more information about this.

Thank you all for your time, and please excuse my very poor english.



Re: NAT Trouble

If I understand you correctly you probably have something like this...

static (inside,outside) netmask

To do a destination nat in the other direction it should be something like this...

static (outside,inside) netmask

New Member

Re: NAT Trouble

I tried this but did't work. The command is accepted, but the connection to the host can't be established.

The commands I charged were:

static (outside,inside) netmask

access-list INSIDE permit tcp any host eq www

access-group INSIDE in interface inside

Am I making something wrong or it's not supported by my IOS version or firewall?

Thank you for your help!!!



Re: NAT Trouble

are there other entries in the ACL INSIDE?

what is the output of "show access-list INSIDE"?

are you trying to connect to from an inside host?

have you verified www services are running on

can you ping from the pix?

CreatePlease to create content