Cisco Support Community
Community Member

Route Outside to Inside

Comcast gave me a block of 5 "real" IP addresses. Internally, we run 192.168 IPs.

So let's say Comcast gave me 74.74.74.70 to 74.74.74.74. I give the outside interface on the PIX 74.74.74.70, I give my email server (which sits off of the SMC router box that Comcast leaves with you) 74.74.74.71. I want to be able to set up 74.74.74.72 to have a domain like docs.mycompany.com, and redirect that to 192.168.10.5. My PIX does not have a DMZ, if that matters.

I am struggling with the necessary commands to make this happen! Can someone tell me... I am mired in global (outside) and static (inside,outside) commands!!! And when I issue one and do a "wr m", if I do it wrong, I can't browse the web anymore. And I can't tell, would my test even work from inside? If the PIX sees me coming from 192.168.10.10, and trying to get to one of my 74s, only to be rerouted right back to a 192.168, would it think maybe I was spoofing?? Anyway, can someone tell me what commands I need?

Thanks.

6 REPLIES

Re: Route Outside to Inside

You should not have to change your global and NAT statements. You need to create a static NAT like the one below.

static (inside,outside) tcp 74.74.74.72 80 192.168.10.5 80 netmask 255.255.255.255 0 0

There are a ton of options here, so you might want to do a little extra research. Don't forget to grant access via the ACL as well. Testing from the inside will not work, but depending on your PIX OS there is a workaround. What version are you running?

HTH and please rate.

Community Member

Re: Route Outside to Inside

What do I have to do with the ACL?

Re: Route Outside to Inside

Permit the traffic through the firewall. For example:

access-list outside_access permit tcp any host 74.74.74.72 eq 80

outside_access is the name of the ACL applied to the outside interface.

HTH and please rate.

Community Member

Re: Route Outside to Inside

I am running PIX 6.3.

You are right, from inside, it does not work. From outside, it works fine.

Is there a workaround so it appears to work from inside? Would be a big help!

Community Member

Re: Route Outside to Inside

Sometimes you have to:

static (inside,outside) Real_IP Local_IP

access-list acl-outside permit tcp any host Real_IP eq 80

....

access-list acl-inside permit tcp host Local_IP any eq 80

.

Re: Route Outside to Inside

Please look up the alias command for the workaround.
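
Added example, not part of the thread and not Cisco code: the replies pair a static with a permit on the ACL applied to the outside interface, and this Python check reads PIX 6.x-style config lines and reports statics and permits that do not line up. The access-group line, the 74.74.74.73 and 74.74.74.74 entries and the function name `audit` are assumptions constructed for illustration.

```python
import re

# Constructed sample: the two commands from the thread plus an assumed
# access-group binding, an assumed one-to-one static and an assumed stale permit.
SAMPLE = """\
static (inside,outside) tcp 74.74.74.72 80 192.168.10.5 80 netmask 255.255.255.255 0 0
static (inside,outside) 74.74.74.73 192.168.10.6 netmask 255.255.255.255 0 0
access-list outside_access permit tcp any host 74.74.74.72 eq 80
access-list outside_access permit tcp any host 74.74.74.74 eq 25
access-group outside_access in interface outside
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
PORT_STATIC = re.compile(rf"^static \(inside,outside\) (tcp|udp) {IP} (\S+) ")
FULL_STATIC = re.compile(rf"^static \(inside,outside\) {IP} {IP}")
PERMIT = re.compile(rf"^access-list (\S+) permit (tcp|udp|ip) any host {IP}(?: eq (\S+))?")
GROUP = re.compile(r"^access-group (\S+) in interface outside")
NAMES = {"www": "80", "smtp": "25", "https": "443"}  # PIX may print port names


def audit(config):
    """Return sorted findings for statics and outside-ACL permits that do not line up."""
    lines = config.splitlines()
    bound = {m.group(1) for line in lines if (m := GROUP.match(line))}
    statics, permits, findings = [], [], []
    for line in lines:
        if m := PORT_STATIC.match(line):
            statics.append((m.group(2), m.group(1), NAMES.get(m.group(3), m.group(3))))
        elif m := FULL_STATIC.match(line):
            statics.append((m.group(1), "ip", None))  # every port is translated
        elif (m := PERMIT.match(line)) and m.group(1) in bound:
            port = m.group(4)
            permits.append((m.group(3), m.group(2), NAMES.get(port, port)))
    for ip, proto, port in statics:
        hits = [p for p in permits if p[0] == ip and (port is None or
                (p[1] in (proto, "ip") and p[2] in (port, None)))]
        if not hits:
            findings.append(f"{ip}: static has no permit on the outside ACL")
        elif any(p[2] is None for p in hits) and port is None:
            findings.append(f"{ip}: one-to-one static with all ports permitted")
    for ip, proto, port in permits:
        if not any(s[0] == ip for s in statics):
            findings.append(f"{ip}: permit {proto}/{port} has no static behind it")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A permit in an ACL that is not bound to the outside interface is ignored by the check, so the thread's two commands on their own are reported as a static with no permit.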
