Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 6.2(2) 515 static translation using PAT ?

Is it possible to configure a static translation from the "inside" interface to the "outside" interface when using PAT ? Example an FTPserver on the Inside that you want public access to.

3 REPLIES

Re: PIX 6.2(2) 515 static translation using PAT ?

Yes,

eg.

global (outside) 1 x.x.x.1 (or global (outside) 1 interface)

nat (inside) 1 0 0

static (inside,outside) x.x.x.2 10.10.10.10 netmask 255.255.255.255 0 0

or

static (inside,outside) tcp interface ftp 10.10.10.10 ftp netmask 255.255.255.255 0 0

access-list outside_in permit tcp any host x.x.x.2 eq ftp

or

access-list outside_in permit tcp any host x.x.x.x eq ftp (where x.x.x.x is the ip of interface)

access-group outside_in in interface outside

Hope it helps.

Steve

New Member

Re: PIX 6.2(2) 515 static translation using PAT ?

I will try it and let you know, Thank you for your reply !

New Member

Re: PIX 6.2(2) 515 static translation using PAT ?

It seems that PAT IP Address prevents the first 2 possible solution from working .

I have not tried the third suggestion yet. In the third option Does the x.x.x.x represent the Outside or Inside Interface or should it be the actuall ip of the FTP server on the inside? Thanks for your assistance.

100
Views
0
Helpful
3
Replies
CreatePlease to create content