Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

One-One mapped NAT Entry in PIX

Hi,

What would be the equivalent command(s) in PIX for the following IOS command

"ip nat inside source static <local-ip> <global-ip>

4 REPLIES
New Member

Re: One-One mapped NAT Entry in PIX

static (inside, outside)

Re: One-One mapped NAT Entry in PIX

please make sure that you also configure an access-list to let connections pass that are initiated on the outside towards the inside (if you need this of course).

Kind Regards,

Tom

New Member

Re: One-One mapped NAT Entry in PIX

I actually tried this before. Here is my problem

I have a NAT statement

and Access Lists (using Object Groups) allowing inside hosts to access some ports on the web and some web sites. Everything else is "Denied". All these are NATed using a public IP x.x.x.58

Among inside hosts (coming through the same "inside" interface), there are some users for which i want to have one-one mapping.

Lets say for user 172.16.100.199 should be mapped to x.x.x.59. So i use the command

However it still doesn't work. The host is denied based on the Access-List i have for all other Users and probably the "static" command is not ever used.

How can i achieve that ?

If i use "nat 0

New Member

Re: One-One mapped NAT Entry in PIX

Hi,

if you need outbound connection for those specific hosts, the only way is to permit them in your acl, because that is the place where your packet is inspected at the first time. So, the static will not work if your acl does not allow the traffic go through.

110
Views
3
Helpful
4
Replies
CreatePlease to create content