03-06-2007 11:59 PM - edited 03-11-2019 02:42 AM
Hello
How can I configure on the PIX static src ip address translation for traffic coming in from the outside to the inside if?
What is the difference and syntax when configuring static source and destination ip nat?
Thanks in advance
Best regards
Lukasz
03-07-2007 12:18 AM
Hi
Outside source address is 172.16.5.10
You want to NAT it to 192.168.5.11
static (outside,inside) 192.168.5.11 172.16.5.10 netmask 255.255.255.255
HTH
Jon
03-07-2007 02:19 AM
Hi Lukasz,
Jon has given you the type of command you need. I'll try to explain how it goes :
In case of a regular static where the source of the traffic (that needs to get natted) is the inside network, the syntax of the command is :
static (inside,outside)
When the source of the traffic (that needs to get natted) is the outside network, the syntax of the command is :
static (outside,inside)
HTH,
Please rate if it helps,
Regards,
Kamal
03-08-2007 02:41 AM
Hello
I've checked the configuration, you had provided me but unfortunately it doesn't work.
Below is my test configuration example
FWSM Version 2.3(2)
nameif vlan2 outside security0
nameif vlan3 inside security100
enable password xxx
passwd xxx
hostname test
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 H225 1720
fixup protocol h323 ras 1718-1719
fixup protocol rsh 514
fixup protocol sip 5060
no fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list deny-flow-max 4096
access-list alert-interval 300
access-list outside extended permit ip any any
access-list outside extended permit icmp any any
access-list inside extended permit ip any any
access-list inside extended permit icmp any any
pager lines 24
logging buffer-size 4096
mtu outside 1500
mtu inside 1500
ip address outside 10.0.0.254 255.255.255.0
ip address inside 192.168.1.254 255.255.255.0
icmp permit any outside
icmp permit any inside
no pdm history enable
arp timeout 14400
static (outside,inside) 192.168.1.32 10.0.0.1 netmask 255.255.255.255
access-group outside in interface outside
access-group inside in interface inside
....
I am not able to connect to the server in network 192.168.1.0/24 from the host 10.0.0.1.
Please, correct me if I made a mistake in my config or I misunderstood you.
Thank You in advance
Lukasz
03-13-2007 09:28 AM
Change your static statement to following:
static (inside,outside) 192.168.1.32 192.168.1.32 netmask 255.255.255.255
This should do the trick. I'll let the TAC engineer explain pix/asa interface translation behavior :D
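
A simplified model of the `static (real_ifc,mapped_ifc) mapped_ip real_ip` semantics discussed in this thread, as an added Python example that is not part of any post. The function names are hypothetical, the server address 192.168.1.50 is constructed, and the model covers only address rewriting, not ACLs, routing or anything else a real PIX/FWSM does.

```python
import ipaddress
import re

# static (real_ifc,mapped_ifc) mapped_ip real_ip [netmask mask]
STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) (\S+) (\S+)(?: netmask (\S+))?$")

def parse_static(line):
    """Parse one static statement into a dict (hypothetical helper)."""
    m = STATIC_RE.match(line.strip())
    if not m:
        raise ValueError("not a static statement: %r" % line)
    real_ifc, mapped_ifc, mapped, real, mask = m.groups()
    mask = mask or "255.255.255.255"
    return {
        "real_ifc": real_ifc, "mapped_ifc": mapped_ifc,
        "mapped": ipaddress.ip_network(f"{mapped}/{mask}"),
        "real": ipaddress.ip_network(f"{real}/{mask}"),
    }

def _remap(addr, src_net, dst_net):
    """Keep the host bits, swap the network part."""
    offset = int(addr) - int(src_net.network_address)
    return ipaddress.ip_address(int(dst_net.network_address) + offset)

def translate(rule, in_ifc, out_ifc, src, dst):
    """Return (src, dst) as seen after the firewall for one packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    path = (in_ifc, out_ifc)
    # Real side -> mapped side: the SOURCE is rewritten real -> mapped.
    if path == (rule["real_ifc"], rule["mapped_ifc"]) and src in rule["real"]:
        src = _remap(src, rule["real"], rule["mapped"])
    # Mapped side -> real side: the DESTINATION is rewritten mapped -> real.
    if path == (rule["mapped_ifc"], rule["real_ifc"]) and dst in rule["mapped"]:
        dst = _remap(dst, rule["mapped"], rule["real"])
    return str(src), str(dst)

# The two static statements quoted in the thread.
outside_src = parse_static(
    "static (outside,inside) 192.168.1.32 10.0.0.1 netmask 255.255.255.255")
identity = parse_static(
    "static (inside,outside) 192.168.1.32 192.168.1.32 netmask 255.255.255.255")
```

Calling `translate(outside_src, "outside", "inside", "10.0.0.1", "192.168.1.50")` shows the outside host arriving on the inside with source 192.168.1.32, while the same call with `identity` leaves both addresses unchanged.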