Not sure if I'm missing the obvious here (like this isn't possible) but I need to provide Internet access to users on a PIX (6.3(3)) outside interface, the PIX is on a remote network, Internet access is via our private WAN then out through a central firewall to the Internet, so the inside interface is on our private network, the DMZ is on the outside interface. I need to use outside nat to allow hosts on the DMZ to access the net but restrict them with ACL's from being able to see our Internal network.
There are many CISCO references to the new outside nat feature but I can't see any documented examples of what I'm trying to do.
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
My outside host address is 192.168.1.100 and has 192.168.1.1 as it's default gateway. When I try and make a connection through the PIX from this host I can see an xlate created
305011: Built dynamic UDP translation from outside:192.168.1.100/137 to inside(NAT-Outside-Policy):192.168.0.1/57
But then I see
305005: No translation group found for udp src outside:192.168.1.100/137 dst inside:xxx.xxx.xxx.xxx/137
Where xxx is an inside host.
If I take the nat (outside) command out I can communicate from inside to outside ok. If I use static nat I can create static connections from outside to an inside host, but I need to be able to connect to any inside host from the outside. A simple solution would be to connect the inside interface to my "outside" network, but this would mean connecting the inside interface to an untrusted network.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...