Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

problem with dynamic outside nat on pix

i have a pix connected with two interface .on the inside interface i have a host and on the outside i have a host i have configured outside dynamic nat which deosn't work here's my config

nat (outside) 1 outside

global (inside) 1 interface

pix inside interface

pix outside interfaec

access-list 101 permit ip any any

access-group 101 in interface outside

pls help what is the problem out here


Cisco Employee

Re: problem with dynamic outside nat on pix

You are missing the rule that will allow the outside user to access the host located on the trusted network.

static (inside,outside) netmask

The I stronly recommend to use outside NAT with a static translation as well

static (outside,inside) X netmask outside

If you still want to use nat/global you will need to specify the traffic that is going to be translated from outside to inside (use ACLs) and the traffic that is not going to be translated as well; otherwise, translations from traffic going inside -->>outside are gonna be broken

Franco Zamora

New Member

Re: problem with dynamic outside nat on pix

hi frnaco thanks for ur detailed perur explanation it means that when i want to implement a dynamic outside nat there has to be a static (inside,outside) am i right. i think cause when the packet from the outside host reaches on the outside interface for a destination the pix requires a translation table for the destination which is not present because of which packets are getting it possibel that i want to configure a entire subnet with dynamic outside nat is it possible. say in this same scenario i change the nat statement from a single host to a subnet

nat (outside) 1 outside

is it possible pls help me on this franco. see ya

thanks once again