Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
965
Views
0
Helpful
1
Replies

PIX 520

Go to solution
mike.mccabe
Level 1
Level 1

‎10-28-2002 11:24 AM - edited ‎02-20-2020 10:20 PM

Can I allow a user on the outside to connect to an IP address on the inside with using NAT. I need to make a connection with a DCOM application and apparently it does't work with NAT.

Thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎10-28-2002 03:15 PM

To establish a connection from the outside interface to an inside interface, you need a static and an ACL. The static CAN map the host IP address to itself, effectively bypassing NAT, but this means the internal host has to have a valid Internet-routable IP address.

For example, let's say your internal host has a 209.1.2.3 Internet address, your config would look like:

> static (inside,outside) 209.1.2.3 209.1.2.3 netmask 255.255.255.255 0 0

> access-list inbound permit ip any host 209.1.2.3

> access-group inbound in interface outside

Of course you have to make sure that 209.1.2.3 is routed to your PIX.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎10-28-2002 03:15 PM

To establish a connection from the outside interface to an inside interface, you need a static and an ACL. The static CAN map the host IP address to itself, effectively bypassing NAT, but this means the internal host has to have a valid Internet-routable IP address.

For example, let's say your internal host has a 209.1.2.3 Internet address, your config would look like:

> static (inside,outside) 209.1.2.3 209.1.2.3 netmask 255.255.255.255 0 0

> access-list inbound permit ip any host 209.1.2.3

> access-group inbound in interface outside

Of course you have to make sure that 209.1.2.3 is routed to your PIX.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card