Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
525
Views
1
Helpful
6
Replies

Problems creating a NAT form an outside to an inside network on the PIX

Go to solution
orangel
Level 1
Level 1

‎05-23-2003 07:37 AM - edited ‎02-20-2020 10:45 PM

I need to create a NAT for an outside address to the inside I am not able to create the static for it.

I have an external host with a 10.x.x.x address that want to translate on the inside to 172.x.x.x adress, using the PIX with the static command It does not allow it.

The syntax I am trying to use is:

Static (outside,inside) 172.1.1.9 10.1.1.10 netmask 255.255.255.255

but the pix sends the next error:

outside 0 has a lower security value than inside 100

I do not have another device between the host and the PIX and so I am limited to use the PIX for this purpose.

What else can I do?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mhoda
Level 5
Level 5
In response to orangel

‎05-23-2003 03:12 PM

Hi,

This feature is called bi-directional NAT. This was first introduced into 6.2 code. The earlier code doesn't have this feature, Sorry ! So, if this needs to be done on the PIX, then you need to have version 6.2 code. What you are trying is right, but its your code that is not allowing you to do that.

Here is the link that talks about when this feature was introduced.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/relnotes/pixrn621.htm#1249308

I hope this helps ! Thanks,

Mynul

View solution in original post

0 Helpful
6 Replies 6

Go to solution
jmia
Level 7
Level 7

‎05-23-2003 07:49 AM

Hi Oliver -

Try this,

> static (inside,outside) netmask 255.255.255.255

Also, have a read of the following document for reference:

http://www.cisco.com/warp/public/707/28.html

Hope this helps --

Go to solution
orangel
Level 1
Level 1
In response to jmia

‎05-23-2003 09:25 AM

Hi.

The PIX have a previus version to 6.2, the version for the pix is 5.1(4)

is it possible to configure the outside nat to inside or is there a similar bi-directional nat, on a version previous to 6.2?

tanks

0 Helpful

Go to solution
jmia
Level 7
Level 7
In response to orangel

‎05-23-2003 10:52 AM

Hello Oliver -

Okay, I didn't know that you had version 5.1(4), and ofcourse I gave you a 6.2 version example. Well in your case with v5.1 you'll need to use static with conduit to achive your goal.

On a side note - If you want to read up on pix etc, I'd recommend a very good book by David W. Chapman Jr. and Andy Fox - Cisco Secure Pix Firewalls from cisco press, www.ciscopress.com, ISBN - 1-58705-035-8,

Also, here is a world renowned expert ( and I used his papers on verious problems ) for expert advice from Dr Peter J. Welcher :

http://www.netcraftsmen.net/welcher/papers/pix01.html

Hope this helps and let me know how you get on --

0 Helpful

Go to solution
orangel
Level 1
Level 1
In response to jmia

‎05-23-2003 01:57 PM

I need to translate one IP address from the outside network into an inside network address, but I don't understand how could it work with a static and a conduit.

Please tell me how is this possible or if you have another alternate solution with version 5.1

Thanks.

0 Helpful

Go to solution
mhoda
Level 5
Level 5
In response to orangel

‎05-23-2003 03:12 PM

Hi,

This feature is called bi-directional NAT. This was first introduced into 6.2 code. The earlier code doesn't have this feature, Sorry ! So, if this needs to be done on the PIX, then you need to have version 6.2 code. What you are trying is right, but its your code that is not allowing you to do that.

Here is the link that talks about when this feature was introduced.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/relnotes/pixrn621.htm#1249308

I hope this helps ! Thanks,

Mynul

0 Helpful

Go to solution
orangel
Level 1
Level 1
In response to mhoda

‎05-26-2003 07:10 AM

Hi. Mynul

Tanks for your help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card