Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT at inside


I have some clýents who stay at outside part of PIX, and they must connect to all sites at inside part of the PIX. I can't write static NAT ( there are a lot of sýtes ) to all sýtes. Is there any way makýng NAT for outside IPs. I wrote it. But it didn't work.

Best Regards

New Member

Re: NAT at inside

One solution is to have static translations for all your internal hosts and allow connections from the outside by using access-lists/conduits. This is almost impossible to implement and makes your internal network extremely vulnerable.

A better solution would be to use VPN connections from your outside user's PC to the PIX. This way they will the ability to access all sites on your internal network without a complicated configuration.

New Member

Re: NAT at inside

You will need at least one static, registered ip address available to map to an inside host which is providing VPN services. Once conntected to this host, you can access resources on any network host that is normally accessable from the internal LAN. Unfortunatly, with the mechanics of PAT, and its modification to the associated TCP port, I do not know of a way to access an internal host without access to a VPN, other than a one to one mapping, which would require even more registered IP's. PAT provides "one to many" going out, so it makes coming in dificult. If you want outside traffic to access internal systems, then you need at least one more registered IP.

CreatePlease to create content