Hi. I've a PIX525 ver5.3 I'm trying to traslate a private address 172.16.0.0 to a public address 22.214.171.124 The first address is a DMZ4 and the second is the traslate to outside. I have thist instruction: NAT (dmz4) 2 172.16.0.0 255.255.248.0 0 0 and GLOBAL (outside) 2 126.96.36.199 Adctionaly, I have GLOBAL (outside) 1 188.8.131.52 for the others address (inside and other dmz's) but when an address 172.16.x.x is in internet, its leaves with address 184.108.40.206 I don't know why. In my case, the sentence NAT (dmz4) 2 is not working. I hope to be clean in this problem. If somebady can help me, I'll apreciate it. Thanks a lot.
Hi. Jon. Thnks for your answer. In general, this is the main settings of our PIX. Remenber that the idea is the DMZ4 to access to internet by 220.127.116.11 and the ip address 18.104.22.168 is for the another networks:
2) If someone from the outside of the pix wants to access one of the 172.16.0.0 servers with this statement how will they know which address to go to ie. if a user on the outside contacts 22.214.171.124 how does the pix know which 172.16.x.x host this is destined for.
If you want to translate just one host from DMZ4 you could use
(this is just an example - i have no idea what 172.16.x.x addressing your dmz4 servers are using).
You can statically translate more up to the number of available IP addresses from the 126.96.36.199 subnet.
With these static translations a user on the outside will be able to access the DMZ4 server as long as you allow it thru an access-list. So from the above example if a user from the outside sends a packet to 188.8.131.52 and you have allowed it in your access-lists then the packet will go to 172.16.1.1.
If you don't need any servers to be contacted from the outside and are only interested in the servers going from the dmz4 to the outside remove your static and change the following.
I done this instructions but in this case any host on the DMZ4 can access the Internet. I think that if is necesary the line "nat (dmz4) 1 172.16.0.0 255.255.248.0 0 0" or not? I apreciate your help and I wait for your response.
Hi Jon. Please, excuse me, but I had a mistake in the ip address (184.108.40.206) because that address is not available to access directly to internet, there were a restiction in the PIX with that address. I checked it and now is working perfectly. But I apreciate a lot your help, it was very important for me. I hope that I can write to you for future questions.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...