Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 520

Can I allow a user on the outside to connect to an IP address on the inside with using NAT. I need to make a connection with a DCOM application and apparently it does't work with NAT.

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: PIX 520

To establish a connection from the outside interface to an inside interface, you need a static and an ACL. The static CAN map the host IP address to itself, effectively bypassing NAT, but this means the internal host has to have a valid Internet-routable IP address.

For example, let's say your internal host has a 209.1.2.3 Internet address, your config would look like:

> static (inside,outside) 209.1.2.3 209.1.2.3 netmask 255.255.255.255 0 0

> access-list inbound permit ip any host 209.1.2.3

> access-group inbound in interface outside

Of course you have to make sure that 209.1.2.3 is routed to your PIX.

1 REPLY
Cisco Employee

Re: PIX 520

To establish a connection from the outside interface to an inside interface, you need a static and an ACL. The static CAN map the host IP address to itself, effectively bypassing NAT, but this means the internal host has to have a valid Internet-routable IP address.

For example, let's say your internal host has a 209.1.2.3 Internet address, your config would look like:

> static (inside,outside) 209.1.2.3 209.1.2.3 netmask 255.255.255.255 0 0

> access-list inbound permit ip any host 209.1.2.3

> access-group inbound in interface outside

Of course you have to make sure that 209.1.2.3 is routed to your PIX.

86
Views
0
Helpful
1
Replies