PIX Static NAT

Hi,

Currently in our network we have done NAT on the Cisco router, where:

ip nat inside source static 10.86.6.251 XXX.90.XXX.1

The ACL is allowing a range of ports (80, 1021 to 1281) from outside to inside.

ip nat inside source static tcp 10.86.6.251 5500 XXX.90.XXX.2 80

The ACL is allowing port 80 from outside to inside.

Now that we are migrating to a PIX 515E, we are not able to do the same. It says duplicate entry for 10.86.6.251 when we add the PAT entry after the one-to-one NAT entry.

Since the first NAT statement carries a range of ports, we are unable to break up the statement (or else we would need to put in 250 NAT entries).

Kindly suggest any solution for static NAT of a range of ports, or some ideas.

Thanks in advance,

vinu

2 REPLIES

Re: PIX Static NAT

Hi Vinu

Am I right in saying that you want to assign a static NAT (using an IP from a block of your IPs) rather than port forward? If this is the case, then on the PIX you would enter a static NAT to an inside (private) IP and then apply an ACL on the outside interface allowing the ports.

e.g.

Create the static:

1) static (inside,outside) public_ip 192.168.1.25 netmask 255.255.255.255

Create the ACL:

2) access-list acl_out permit tcp any host public_ip eq 80

Then apply the ACL to the outside interface:

3) access-group acl_out in interface outside

HTH
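
An added example, not part of the original thread: a small migration helper that rewrites the two IOS `ip nat inside source static` forms from the question into PIX `static` commands in the style of the reply above, and lists inside hosts that have both a one-to-one and a port static, the combination the question reports as a duplicate entry. The function names and the `inside`/`outside` interface defaults are assumptions made for this illustration.

```python
from collections import defaultdict

PREFIX = "ip nat inside source static"

def parse_ios_static(line):
    """Return (proto, local, lport, glob, gport); proto/ports are None for one-to-one."""
    line = " ".join(line.split())
    if not line.startswith(PREFIX + " "):
        return None
    args = line[len(PREFIX):].split()
    if len(args) == 2:                      # static <local> <global>
        return (None, args[0], None, args[1], None)
    if (len(args) == 5 and args[0] in ("tcp", "udp")
            and args[2].isdigit() and args[4].isdigit()):
        proto, local, lport, glob, gport = args
        return (proto, local, int(lport), glob, int(gport))
    return None                             # any other form is left for manual review

def to_pix(entry, inside="inside", outside="outside"):
    """PIX puts the global address first, the reverse of the IOS order."""
    proto, local, lport, glob, gport = entry
    if proto is None:
        return f"static ({inside},{outside}) {glob} {local} netmask 255.255.255.255"
    return (f"static ({inside},{outside}) {proto} {glob} {gport} "
            f"{local} {lport} netmask 255.255.255.255")

def migrate(ios_lines):
    """Translate the lines; also return hosts with both a one-to-one and a port static."""
    entries = [e for e in map(parse_ios_static, ios_lines) if e]
    kinds = defaultdict(set)
    for proto, local, *_ in entries:
        kinds[local].add("port" if proto else "one-to-one")
    conflicts = sorted(host for host, k in kinds.items() if len(k) == 2)
    return [to_pix(e) for e in entries], conflicts

# The two statements from the question (addresses masked as in the post).
QUESTION_CONFIG = [
    "ip nat inside source static 10.86.6.251 XXX.90.XXX.1",
    "ip nat inside source static tcp 10.86.6.251 5500 XXX.90.XXX.2 80",
]

if __name__ == "__main__":
    pix, conflicts = migrate(QUESTION_CONFIG)
    print("\n".join(pix))
    for host in conflicts:
        print(f"! review: {host} has both a one-to-one and a port static")
```
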

Re: PIX Static NAT

Hi Vinoth,

Check out the link below for configuration of NAT; hope that helps with your query!

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/bafwcfg.html#wp1112434

Regards

Ganesh.H
