https://community.cisco.com/t5/network-security/translation-issue/m-p/731191#M1005499 <HTML><HEAD></HEAD><BODY><P>hello,</P><P></P><P>i need it in such a way that when 16.172.5.7 access from the outside to inside particular server, the source ip address should get translated to 20.172.220.4, as the server inside is configured to only allow access from specific ip addresses from internal subnet and 20.172.220.4 is one of it.</P><P></P><P>anyways, i did this and it sort of worked but if there is any other way of doing it please do tell.</P><P></P><P>access-list NAT_ONE permit ip host 16.172.5.7 host 60.10.136.72</P><P></P><P>static (outside,inside) 20.172.220.4 access-list NAT_ONE</P><P>static (inside,outside) 60.10.136.72 16.172.23.1 netmask 255.255.255.255</P><P>static (inside,outside) 60.10.135.72 20.172.216.4 netmask 255.255.255.255</P><P></P><P>what it did was that when traffic coming from 16.172.5.7 to 60.10.136.72 is tranlated the source ip to 20.172.220.4 as it should </P><P></P><P>and when traffic coming from 16.172.5.7 to 60.10.135.72 it creats one-to-one map as per the static defined and doesn't tranlate the source ip. </P></BODY></HTML> Thu, 03 May 2007 05:40:17 GMT zulqurnain 2007-05-03T05:40:17Z https://community.cisco.com/t5/network-security/translation-issue/m-p/731189#M1005497 <P>hello,</P><P></P><P>suppose there is one host who is accessing two different servers in the network.</P><P></P><P>when host A access to host B all we have to do is make sure that it gets to talk to it one to one thus i configure this</P><P></P><P>static (inside,outside) tcp 60.x.x.72 3392 20.172.216.4 3392 netmask 255.255.255.255 </P><P>static (inside,outside) tcp 60.x.x.72 3394 20.172.216.4 3394 netmask 255.255.255.255</P><P></P><P>access-list acl_out_in permit tcp host 20.x.x.4 host 60.10.135.72 eq 3392</P><P>access-list acl_out_in permit tcp host 20.x.x.4 host 60.10.135.72 eq 3394</P><P></P><P>and host A can connect to host B with success no problem at all. </P><P></P><P>Now, when host A try to connect to host C we not only have to nat/translate the source IP of this host but also the like host B scenario that it should be one to one with it, so i configure the following</P><P></P><P>static (outside,inside) 20.x.x.4 16.172.5.7 netmask 255.255.255.255 </P><P>static (inside,outside) 60.x.x.72 16.172.23.1 netmask 255.255.255.255</P><P></P><P>access-list acl_out_in permit tcp host 60.x.x.72 host 20.172.220.4 eq 6003</P><P></P><P>host A connects to host C successful and no problem.</P><P></P><P>the issue i have here is that when i see the netstat of host B it shows that the host A (remote host ip address is) 20.172.220.4 whereas it should be it orginal source ip address. </P><P></P><P>so is there a way it can be done or is it the firewall itself that it's not possible and it would be causing any problem in connection, cuz currently on random times the connection drops automaticaly btw host A and host B, so i assume it is because of this issue.</P><P></P><P>any help would be great </P> Mon, 11 Mar 2019 10:07:44 GMT https://community.cisco.com/t5/network-security/translation-issue/m-p/731189#M1005497 zulqurnain 2019-03-11T10:07:44Z https://community.cisco.com/t5/network-security/translation-issue/m-p/731190#M1005498 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>Why do you need </P><P></P><P>static (outside,inside) 20.x.x.4 16.172.5.7 netmask 255.255.255.255 </P><P></P><P>If you remove it and clear xlate, I believe you should be fine!</P><P></P><P>Regards, </P></BODY></HTML> Wed, 02 May 2007 18:59:00 GMT https://community.cisco.com/t5/network-security/translation-issue/m-p/731190#M1005498 oabduo983 2007-05-02T18:59:00Z https://community.cisco.com/t5/network-security/translation-issue/m-p/731191#M1005499 <HTML><HEAD></HEAD><BODY><P>hello,</P><P></P><P>i need it in such a way that when 16.172.5.7 access from the outside to inside particular server, the source ip address should get translated to 20.172.220.4, as the server inside is configured to only allow access from specific ip addresses from internal subnet and 20.172.220.4 is one of it.</P><P></P><P>anyways, i did this and it sort of worked but if there is any other way of doing it please do tell.</P><P></P><P>access-list NAT_ONE permit ip host 16.172.5.7 host 60.10.136.72</P><P></P><P>static (outside,inside) 20.172.220.4 access-list NAT_ONE</P><P>static (inside,outside) 60.10.136.72 16.172.23.1 netmask 255.255.255.255</P><P>static (inside,outside) 60.10.135.72 20.172.216.4 netmask 255.255.255.255</P><P></P><P>what it did was that when traffic coming from 16.172.5.7 to 60.10.136.72 is tranlated the source ip to 20.172.220.4 as it should </P><P></P><P>and when traffic coming from 16.172.5.7 to 60.10.135.72 it creats one-to-one map as per the static defined and doesn't tranlate the source ip. </P></BODY></HTML> Thu, 03 May 2007 05:40:17 GMT https://community.cisco.com/t5/network-security/translation-issue/m-p/731191#M1005499 zulqurnain 2007-05-03T05:40:17Z https://community.cisco.com/t5/network-security/translation-issue/m-p/731192#M1005500 <HTML><HEAD></HEAD><BODY><P>hi everyone,</P><P></P><P>i need advise n help, please tell me say something</P></BODY></HTML> Fri, 04 May 2007 19:29:09 GMT https://community.cisco.com/t5/network-security/translation-issue/m-p/731192#M1005500 zulqurnain 2007-05-04T19:29:09Z