New Member

NAT Trouble

Hi, I want to ask more experienced network administrators about a problem that I am experiencing and don't know how to solve:

I have a PIX 515E running 6.3(4) IOS and there are 2 networks configured on it:

Outside 192.168.0.0 /24 (security level 0) and Inside 172.21.0.0 /24 (security level 100).

I used the static command without problems for mappings from Outside to Inside, using a "virtual IP" on the Outside interface for accessing a host located on the Inside LAN.

Now I need to do the same but in the other direction. I need to use a "virtual IP" in the Inside interface for accessing a host located on the Outside network.

IE:

192.168.0.5 --> NAT --> 172.21.0.5 Works O.K.

172.21.0.10 --> NAT --> 192.168.0.10 I need this mapping

Is it possible to do this running this version of IOS? How can I make this NAT mapping work? I tried a lot of things but none of them worked, and I don't know where to find more information about this.

Thank you all for your time, and please excuse my very poor English.

Alejandro.

3 REPLIES
Green

Re: NAT Trouble

If I understand you correctly you probably have something like this...

static (inside,outside) 192.168.0.5 172.21.0.5 netmask 255.255.255.255

To do a destination NAT in the other direction it should be something like this...

static (outside,inside) 172.21.0.10 192.168.0.10 netmask 255.255.255.255

New Member

Re: NAT Trouble

I tried this but it didn't work. The command is accepted, but the connection to the host can't be established.

The commands I loaded were:

static (outside,inside) 172.21.0.10 192.168.0.10 netmask 255.255.255.255

access-list INSIDE permit tcp any host 172.21.0.10 eq www

access-group INSIDE in interface inside

Am I doing something wrong, or is it not supported by my IOS version or firewall?

Thank you for your help!!!

Ale.

Gold

Re: NAT Trouble

Are there other entries in the ACL INSIDE?

What is the output of "show access-list INSIDE"?

Are you trying to connect to 172.21.0.10 from an inside host?

Have you verified www services are running on 192.168.0.10?

Can you ping 192.168.0.10 from the PIX?
