Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Port Translation on Pix 7.2(2)

When I do a static NAT on the Pix:-static (inside,outside) 172.16.1.2 192.168.1.2 netmask 255.255.255.255

I can see the inside IP address 192.168.1.2 is translated to 172.16.1.2 on the outside interface using the network sniffer. However if I introduce a port translation :-

static (inside,outside) tcp 172.16.1.2 www 192.168.1.2 8080 netmask 255.255.255.255 then the sniffer picks up the inside address on the outside interface and not the 172.16.1.2 address.

What have I missed here?

2 REPLIES
New Member

Re: Port Translation on Pix 7.2(2)

I think you need to add "outbound" nat rules too.

static (inside,outside) tcp 172.16.1.2 www 192.168.1.2 8080 netmask 255.255.255.255

only will translate and forward port when traffic is coming from outside to the external address (172.16.1.2). But if you want to go from inside (192.168.1.2) to outside, you need to add this:

global (outside) 1 172.16.1.2

nat (inside) 1 192.168.1.2 255.255.255.255

Cheers,

Emilio

New Member

Re: Port Translation on Pix 7.2(2)

Thanks Emilio,

I had worked out that the dynamic nat rule would give me the desired effect, however I was querying why this was uneccessary if you didnt do a PAT on the original rule.

Cheers

S

684
Views
0
Helpful
2
Replies