NAT at inside

uaskan
Level 1

Hi,

I have some clients who stay at the outside part of the PIX, and they must connect to all sites at the inside part of the PIX. I can't write static NAT (there are a lot of sites) for all sites. Is there any way of making NAT for outside IPs? I wrote it, but it didn't work.

Best Regards

2 Replies

rrbleeker
Level 1

One solution is to have static translations for all your internal hosts and allow connections from the outside by using access-lists/conduits. This is almost impossible to implement and makes your internal network extremely vulnerable.

A better solution would be to use VPN connections from your outside user's PC to the PIX. This way they will have the ability to access all sites on your internal network without a complicated configuration.

worf
Level 1

You will need at least one static, registered IP address available to map to an inside host which is providing VPN services. Once connected to this host, you can access resources on any network host that is normally accessible from the internal LAN. Unfortunately, with the mechanics of PAT, and its modification to the associated TCP port, I do not know of a way to access an internal host without access to a VPN, other than a one-to-one mapping, which would require even more registered IPs. PAT provides "one to many" going out, so it makes coming in difficult. If you want outside traffic to access internal systems, then you need at least one more registered IP.