I've got a small 29-bit network that I'm using static statements to map the private inside IPs to the outside. This of course only gives us 6 publicly visible hosts. We've got a management PC on the outside of the PIX that we'd like to use to manage all hosts on the inside using their private IPs.
nat (inside) 1 172.24.1.0 255.255.255.0 0 0
global (outside) 1 interface
static (inside,outside) x.x.x.66 172.24.1.254 dns netmask 255.255.255.255 0 0
static (inside,outside) x.x.x.67 172.24.1.50 dns netmask 255.255.255.255 0 0
static (inside,outside) x.x.x.68 172.24.1.30 dns netmask 255.255.255.255 0 0
static (inside,outside) x.x.x.69 172.24.1.20 dns netmask 255.255.255.255 0 0
static (inside,outside) x.x.x.70 172.24.1.10 dns netmask 255.255.255.255 0 0
ip address outside x.x.x.65 255.255.255.248
ip address inside 172.24.1.253 255.255.255.0
So how would you enable host x.x.x.98 to access hosts 172.24.1.x as well as being able to access them on their public IPs?
Re: Enable outside host to access inside private IPs
The problem I have is that all the public IP addresses are being used and I have more devices on the inside than I have public IP addresses.
I've tried using a static command to make the private IPs visible:
static (inside,outside) 172.24.1.x 172.24.1.x
though that caused a few strange problems. This PIX is at a different site to where I'm based. When I tried doing a ping from the remote site to one of my local hosts I got an error in my syslog server about denying ICMP from 172.24.1.20, which is correct; how that was getting across the internet I don't know!
The other option I've tried is having a nat 0 access-list to disable nat between the inside and the one host on the outside which appears to be OK.
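The NAT-exemption approach mentioned in the post above, written out as an added example that is not part of the original thread. The ACL names `nonat` and `outside_in` are hypothetical, and the example assumes x.x.x.98 (or its gateway) routes 172.24.1.0/24 towards the PIX outside address x.x.x.65.

```cisco
: Added example (PIX 6.x syntax); ACL names "nonat" and "outside_in" are hypothetical.
: Exempt inside-to-management-host traffic from NAT so x.x.x.98 sees the real 172.24.1.x addresses.
access-list nonat permit ip 172.24.1.0 255.255.255.0 host x.x.x.98
nat (inside) 0 access-list nonat
: Allow only the management host to initiate connections to the private range.
access-list outside_in permit ip host x.x.x.98 172.24.1.0 255.255.255.0
: Binding replaces any ACL already applied to outside, so merge existing entries into outside_in first.
access-group outside_in in interface outside
```

Because the exemption matches only host x.x.x.98, other outside hosts still reach inside servers solely through the existing static mappings. Narrowing the `permit ip` line to the management protocols actually needed reduces exposure further.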