PIX 525 Static NAT

richmorrow624 — Mon, 11 Mar 2019 10:00:19 GMT

I have a PIX 525 with a static NAT which is part of a VPN tunnel:

static (inside,outside) 10.91.6.2 access-list translation2

access-list dieboldtranslation2 permit ip host 10.11.150.1 host 10.79.15.3

The host on my end is trying to get out and I can see the attempt to build the tcp conncetion in the firewall, But the access-lists are never getting hit, never an attmept to translate from inside to outside to the 10.91.6.2 address:

302013: Built outbound TCP connection 74840423 for outside:10.79.15.3/5202 (10.79.15.3/5202) to inside:10.11.150.1/2492

I know the routing is correct, my inside host is a couple of hops away, but there is connectivity from it to my PIX

Anyone have any ideas?

Also, is the direction correct on the log entry for the traffic, would that be a clue?

Re: PIX 525 Static NAT

bwilmoth — Thu, 19 Apr 2007 18:38:54 GMT

The static command must not be included in the certified PIX Firewall. The static command enables particular instances of NAT.

Re: PIX 525 Static NAT

Tshi M — Thu, 19 Apr 2007 19:11:29 GMT

access-list NATME permit ip host inside_ip destination_ip or network

static (inside,outside) static_ip access-list NATME.

hope this help

topic Re: PIX 525 Static NAT in Network Security

PIX 525 Static NAT

Re: PIX 525 Static NAT

Re: PIX 525 Static NAT