Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Outgoing IP with Static PAT

Hi -

I'm trying to share an IP address between two IP addresses using static PAT, which works fine. The problem comes with the IP address each machine takes when they send outbound traffic (i.e., e-mail). Both machines use the public NAT address for the firewall, but for reverse DNS checks to work properly, I need to resolve them back to their public IP address. There has to be a way around this?

Here's some relevant bits from the config:

static (inside,outside) tcp 1.2.3.4 www 172.16.13.10 www netmask 255.255.255.255 0 0

static (inside,outside) tcp 1.2.3.4 https 172.16.13.11 https netmask 255.255.255.255 0 0

pix1# sh nat

nat (inside) 0 access-list nonat

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

pix1# sh global

global (outside) 1 interface

Help is appreciated!

2 REPLIES
Silver

Re: Outgoing IP with Static PAT

change:

nat (inside) 0 access-list nonat

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

to:

nat (inside) 0 access-list nonat

nat (inside) 100 0.0.0.0 0.0.0.0 0 0

This leaves plenty of room for many different nat configurations.

Then change:

global (outside) 1 interface

to:

global (outside) 100 interface

try this:

access-list 1x1 permit ip host any

nat(inside) 10 access-list 1x1

global(outside) 10 1.2.3.4

HTH

-mike

New Member

Re: Outgoing IP with Static PAT

That did it - thanks much for the help!

183
Views
0
Helpful
2
Replies