01-19-2004 04:15 PM - edited 03-09-2019 06:10 AM
I'm trying to configure a PIX with 'reverse' static translation.
As I understand it, with conventional static translation if I want my inside host (10.10.10.10) to be 'visible' on the outside interface as 192.168.5.5), my config would be:-
static (inside,outside) 192.168.5.5 10.10.10.10 netmask 255.255.255.255
However, I have an outside host (203.203.203.203) that I want to be 'visible' on the inside interface as 10.10.11.11. I would have thought the config would be:-
static (outside,inside) 10.10.11.11 203.203.203.203.....
but that doesn't work. Can this be done, and if so how!?
Thanks in advnance.
Jon
Solved! Go to Solution.
01-19-2004 06:25 PM
FYI, here is a good URL.
01-19-2004 06:18 PM
You're translation is correct. You may need to clear the xlate of an ACL may not be allowing the traffic.
01-19-2004 06:24 PM
This is called "Outside NAT". You have the command correct (assuming "....." is "netmask 255.255.255.255").
This does require at least 6.2. What version are you running? Do your logs show any errors regarding the creation of this xlate?
HTH,
Mike
01-19-2004 06:25 PM
FYI, here is a good URL.
01-19-2004 08:08 PM
Thanks Mike, I haven't fixed it yet, but at least now I know it can be done! To complicate matters, the external host is actually at the other end of an IPSec tunnel between the PIX and a Nortel Contivity, and I haven;t got that working either!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: