Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Configuring 'reverse' static translation

I'm trying to configure a PIX with 'reverse' static translation.

As I understand it, with conventional static translation if I want my inside host (10.10.10.10) to be 'visible' on the outside interface as 192.168.5.5), my config would be:-

static (inside,outside) 192.168.5.5 10.10.10.10 netmask 255.255.255.255

However, I have an outside host (203.203.203.203) that I want to be 'visible' on the inside interface as 10.10.11.11. I would have thought the config would be:-

static (outside,inside) 10.10.11.11 203.203.203.203.....

but that doesn't work. Can this be done, and if so how!?

Thanks in advnance.

Jon

1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

Re: Configuring 'reverse' static translation

4 REPLIES
Silver

Re: Configuring 'reverse' static translation

You're translation is correct. You may need to clear the xlate of an ACL may not be allowing the traffic.

Community Member

Re: Configuring 'reverse' static translation

This is called "Outside NAT". You have the command correct (assuming "....." is "netmask 255.255.255.255").

This does require at least 6.2. What version are you running? Do your logs show any errors regarding the creation of this xlate?

HTH,

Mike

Community Member

Re: Configuring 'reverse' static translation

Community Member

Re: Configuring 'reverse' static translation

Thanks Mike, I haven't fixed it yet, but at least now I know it can be done! To complicate matters, the external host is actually at the other end of an IPSec tunnel between the PIX and a Nortel Contivity, and I haven;t got that working either!

101
Views
0
Helpful
4
Replies
CreatePlease to create content