Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

PAT/overload from outside to inside

I have host using a private internal IP that will only talk to machines on the same private IP. I need to have public IPs talk to this machine. I have a PIX that uses the same private IP subnet on its inside interface. What I would like to do is a PAT/overload scenario in reverse where multiple outside hosts will talk to the inside host using one IP from the private subnet. I think I have seen this mentioned somewhere but can't find it. One caveat is that the PIX must also do PAT/overload for internal hosts going out to the Internet at the same time. Is this possible?

Thanks,

Diego

3 REPLIES

Re: PAT/overload from outside to inside

Diego,

You can do this with static, NAT and ACL to address both requirements.

Here's a configuration example that you can use to build your configuration.

Inside Web Host that needs to be accessed from Outside: 192.168.1.2

int e0

nameif outside

security-level 0

ip add 172.16.1.1 255.255.255.0

int e1

nameif inside

security-level 100

ip add 192.168.1.1 255.255.255.0

access-group acl_outside in interface outside

access-list acl_outside permit tcp any host 172.16.1.1 eq www

nat (inside) 1 192.168.1.0 255.255.255.0

global (outside) 1 interface

static (inside,outside) interface 192.168.1.2 tcp 80

HTH

Sundar

Hall of Fame Super Blue

Re: PAT/overload from outside to inside

Hi Diego

Sundar has covered most of this but to PAT all outside addresses

access-list PATIN permit ip any host 172.16.1.1

(Note, i'm using Sundar's IP addressing and you might want to tie access down to the particular tcp/udp ports)

nat (outside) 2 access-list PATIN outside

global (inside) 2 interface

HTH

Jon

Community Member

Re: PAT/overload from outside to inside

Thanks guys. I will give this a shot and let you know what happens.

219
Views
8
Helpful
3
Replies
CreatePlease to create content