Re: Outgoing IP with Static PAT

cmoliver · ‎01-16-2007

Hi -

I'm trying to share an IP address between two IP addresses using static PAT, which works fine. The problem comes with the IP address each machine takes when they send outbound traffic (i.e., e-mail). Both machines use the public NAT address for the firewall, but for reverse DNS checks to work properly, I need to resolve them back to their public IP address. There has to be a way around this?

Here's some relevant bits from the config:

static (inside,outside) tcp 1.2.3.4 www 172.16.13.10 www netmask 255.255.255.255 0 0

static (inside,outside) tcp 1.2.3.4 https 172.16.13.11 https netmask 255.255.255.255 0 0

pix1# sh nat

nat (inside) 0 access-list nonat

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

pix1# sh global

global (outside) 1 interface

Help is appreciated!

mmorris11 · ‎01-16-2007

change:

nat (inside) 0 access-list nonat

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

to:

nat (inside) 0 access-list nonat

nat (inside) 100 0.0.0.0 0.0.0.0 0 0

This leaves plenty of room for many different nat configurations.

Then change:

global (outside) 1 interface

to:

global (outside) 100 interface

try this:

access-list 1x1 permit ip host any

nat(inside) 10 access-list 1x1

global(outside) 10 1.2.3.4

HTH

-mike

cmoliver · ‎01-17-2007

That did it - thanks much for the help!