Re: Overiding Nat statement in PIX
- From: "pcmccollum@xxxxxxxxxxxxxxx" <pcmccollum@xxxxxxxxx>
- Date: 17 Jul 2006 14:04:40 -0700
Hi Simon,
According to
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#wp1026694,
it looks as if you will have to recreate the nat 0 statement to be a
bit more granular. It takes precedence over all other NAT statements,
so that is why your static NAT will not work in the current
configuration.
Can someone else confirm this?
Thanks,
Phillip
simon watson wrote:
Hi All
I've had a request to perform a port redirect from a NAT address on a PIX
(i.e a public address on the outside interface (i.e 86.1.1.1 tcp port 6000)
gets translated to an inside address and a recognisable port (i.e 10.1.1.1
port 23).
The NAT side already happens on the internet router, however to do the port
redirect bit, I will have to configure the PIX.
The problem is the previous administration had configured the pix not to
translate any addresses from the inside(the internet router translates all
inside addresses)
static (inside,outside) 10.1.0.0 10.1.0.0 netmask 255.255.0.0 0 0
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
Therefore when I try to do the redirect, I get the error message that it
will overlap the statments above.
Is there any way I can perform the redirect, and keep the above statements
or do I have to modify the above static & nat statement to get it to work
Many Thanks in advance
Simon
.
- References:
- Overiding Nat statement in PIX
- From: simon watson
- Overiding Nat statement in PIX
- Prev by Date: Re: When to use DFCs
- Next by Date: Re: Problems connecting to a single host after changing router/link
- Previous by thread: Overiding Nat statement in PIX
- Next by thread: Putting small switch on 3560's port
- Index(es):
Relevant Pages
|
|
