01-16-2007 11:01 AM - edited 03-11-2019 02:20 AM
Hi -
I'm trying to share an IP address between two IP addresses using static PAT, which works fine. The problem comes with the IP address each machine takes when they send outbound traffic (i.e., e-mail). Both machines use the public NAT address for the firewall, but for reverse DNS checks to work properly, I need to resolve them back to their public IP address. There has to be a way around this?
Here are some relevant bits from the config:
static (inside,outside) tcp 1.2.3.4 www 172.16.13.10 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 1.2.3.4 https 172.16.13.11 https netmask 255.255.255.255 0 0
pix1# sh nat
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
pix1# sh global
global (outside) 1 interface
Help is appreciated!
01-16-2007 02:46 PM
Change:
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
to:
nat (inside) 0 access-list nonat
nat (inside) 100 0.0.0.0 0.0.0.0 0 0
This leaves plenty of room for many different nat configurations.
Then change:
global (outside) 1 interface
to:
global (outside) 100 interface
Try this:
access-list 1x1 permit ip host
nat (inside) 10 access-list 1x1
global (outside) 10 1.2.3.4
HTH
-mike
01-17-2007 07:14 AM
That did it - thanks much for the help!