I have a PIX 506E 6.3(4) setup to use Dynamic NAT for 15 addresses and the rest are setup to use STATIC NAT. At this time, I am using ALIAS statements to take care of outside requests that need access to inside machines.
Unfortunately, the PDM software won't allow us to manage the PIX if we use the ALIAS statments. I am told that I need to use Reverse NAT.
MY question is how to do this if I already have NAT setup dynamically for my 15 of my available addresses? What do I need to do to setup Reverse NAT for my static addresses?
My current config looks like this.
global (outside) 1 XX.XX.XX.110-XX.XX.XX.126 netmask 255.255.255.192
You can use the static command in combination with an access-list to setup access for inbound connections. For example, if you have a host 192.168.1.110 on your inside network, which is publicly available on 10.10.10.110, and a webserver is running on it, you can use the following commands:
access-list acl_outside permit tcp any host 10.10.10.110 eq 80
access-group acl_outside in int outside
The static commands tells the pix that the outside address 10.10.10.110 belongs to the inside address 192.168.1.110. Optionally you can specify the maximum number of connections allowed for that entry (see the manual for the static command).
The access-list entry tells the pix that anybody can connect to the ip-address 10.10.10.110 for port 80 (http)
The access-group command tells the pix to use access-list acl_outside on incoming traffic on the outside interface
Check out the example of a mailserver on the inside network at
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :