01-19-2004 04:15 PM - edited 03-09-2019 06:10 AM
I'm trying to configure a PIX with 'reverse' static translation.
As I understand it, with conventional static translation if I want my inside host (10.10.10.10) to be 'visible' on the outside interface as 192.168.5.5), my config would be:-
static (inside,outside) 192.168.5.5 10.10.10.10 netmask 255.255.255.255
However, I have an outside host (203.203.203.203) that I want to be 'visible' on the inside interface as 10.10.11.11. I would have thought the config would be:-
static (outside,inside) 10.10.11.11 203.203.203.203.....
but that doesn't work. Can this be done, and if so how!?
Thanks in advnance.
Jon
Solved! Go to Solution.
01-19-2004 06:25 PM
FYI, here is a good URL.
01-19-2004 06:18 PM
You're translation is correct. You may need to clear the xlate of an ACL may not be allowing the traffic.
01-19-2004 06:24 PM
This is called "Outside NAT". You have the command correct (assuming "....." is "netmask 255.255.255.255").
This does require at least 6.2. What version are you running? Do your logs show any errors regarding the creation of this xlate?
HTH,
Mike
01-19-2004 06:25 PM
FYI, here is a good URL.
01-19-2004 08:08 PM
Thanks Mike, I haven't fixed it yet, but at least now I know it can be done! To complicate matters, the external host is actually at the other end of an IPSec tunnel between the PIX and a Nortel Contivity, and I haven;t got that working either!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide