10-28-2002 11:24 AM - edited 02-20-2020 10:20 PM
Can I allow a user on the outside to connect to an IP address on the inside with using NAT. I need to make a connection with a DCOM application and apparently it does't work with NAT.
Thanks
Solved! Go to Solution.
10-28-2002 03:15 PM
To establish a connection from the outside interface to an inside interface, you need a static and an ACL. The static CAN map the host IP address to itself, effectively bypassing NAT, but this means the internal host has to have a valid Internet-routable IP address.
For example, let's say your internal host has a 209.1.2.3 Internet address, your config would look like:
> static (inside,outside) 209.1.2.3 209.1.2.3 netmask 255.255.255.255 0 0
> access-list inbound permit ip any host 209.1.2.3
> access-group inbound in interface outside
Of course you have to make sure that 209.1.2.3 is routed to your PIX.
10-28-2002 03:15 PM
To establish a connection from the outside interface to an inside interface, you need a static and an ACL. The static CAN map the host IP address to itself, effectively bypassing NAT, but this means the internal host has to have a valid Internet-routable IP address.
For example, let's say your internal host has a 209.1.2.3 Internet address, your config would look like:
> static (inside,outside) 209.1.2.3 209.1.2.3 netmask 255.255.255.255 0 0
> access-list inbound permit ip any host 209.1.2.3
> access-group inbound in interface outside
Of course you have to make sure that 209.1.2.3 is routed to your PIX.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: