Starting with PIX 6.2, NAT and PAT can be applied to traffic from an outside, or less secure, interface to an inside (more secure) interface. This is sometimes referred to as "bi-directional NAT." "
"Outside NAT/PAT is similar to inside NAT/PAT, but the address translation is applied to addresses of hosts residing on the outer (less secure) interfaces of the PIX. To configure dynamic outside NAT, specify the addresses to be translated on the less secure interface and specify the global address or addresses on the inside (more secure) interface. To configure static outside NAT, use the static command to specify the one-to-one mapping."
I am able to make the static outside nat working as shown in the example
but not the dynamic outside nat . And my question is how to make that works.
The commands you mention refers to inside nat not outside nat.
You are still backwards though. Regular NAT, where you have legitimate IPs on the outside, and RFC 1918 IPs on the inside, requires global commands on the outside int, and nat on the inside int.
Outside nat is used far less frequently, often for poorly designed networks, or to deal with poorly written applications. That said, outside nat requires the *same* rules for global and nat commands - global on outside int, nat on inside int. Outside nat, as seen in the doc, is achieved through the addition of more static commands.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...