
New Member

problem with dynamic outside nat on pix

i have a pix connected with two interfaces. on the inside interface i have a host 1.1.1.2 and on the outside i have a host 2.1.1.2. i have configured outside dynamic nat which doesn't work. here's my config

nat (outside) 1 2.1.1.2 255.255.255.255 outside

global (inside) 1 interface

pix inside interface 1.1.1.1

pix outside interface 2.1.1.1

access-list 101 permit ip any any

access-group 101 in interface outside

pls help what is the problem out here

sebastan

2 REPLIES
Cisco Employee

Re: problem with dynamic outside nat on pix

You are missing the rule that will allow the outside user to access the host located on the trusted network.

static (inside,outside) 1.1.1.2 1.1.1.2 netmask 255.255.255.255

Then I strongly recommend using outside NAT with a static translation as well

static (outside,inside) X 2.1.1.2 netmask 255.255.255.255 outside

If you still want to use nat/global you will need to specify the traffic that is going to be translated from outside to inside (use ACLs) and the traffic that is not going to be translated as well; otherwise, translations from traffic going inside -->>outside are gonna be broken

Franco Zamora

New Member

Re: problem with dynamic outside nat on pix

hi franco, thanks for ur detailed explanation. as per ur explanation it means that when i want to implement a dynamic outside nat there has to be a static (inside,outside), am i right? i think because when the packet from the outside host reaches the outside interface for a destination, the pix requires a translation table for the destination, which is not present, because of which packets are getting dropped. so if i want to configure an entire subnet with dynamic outside nat, is it possible? say in this same scenario i change the nat statement from a single host to a subnet

nat (outside) 1 2.1.1.0 255.255.255.0 outside

is it possible pls help me on this franco. see ya

thanks once again

sebastan
