Solved: Re: Configuring 'reverse' static translation

jonwhitear · ‎01-19-2004

I'm trying to configure a PIX with 'reverse' static translation.

As I understand it, with conventional static translation if I want my inside host (10.10.10.10) to be 'visible' on the outside interface as 192.168.5.5), my config would be:-

static (inside,outside) 192.168.5.5 10.10.10.10 netmask 255.255.255.255

However, I have an outside host (203.203.203.203) that I want to be 'visible' on the inside interface as 10.10.11.11. I would have thought the config would be:-

static (outside,inside) 10.10.11.11 203.203.203.203.....

but that doesn't work. Can this be done, and if so how!?

Thanks in advnance.

Jon

mikegallagher · ‎01-19-2004

FYI, here is a good URL.

http://www.cisco.com/warp/public/707/28.html#topic12

View solution in original post

shannong · ‎01-19-2004

You're translation is correct. You may need to clear the xlate of an ACL may not be allowing the traffic.

mikegallagher · ‎01-19-2004

This is called "Outside NAT". You have the command correct (assuming "....." is "netmask 255.255.255.255").

This does require at least 6.2. What version are you running? Do your logs show any errors regarding the creation of this xlate?

HTH,

Mike

mikegallagher · ‎01-19-2004

FYI, here is a good URL.

http://www.cisco.com/warp/public/707/28.html#topic12

jonwhitear · ‎01-19-2004

Thanks Mike, I haven't fixed it yet, but at least now I know it can be done! To complicate matters, the external host is actually at the other end of an IPSec tunnel between the PIX and a Nortel Contivity, and I haven;t got that working either!