https://community.cisco.com/t5/network-security/problem-with-dynamic-outside-nat-on-pix/m-p/534000#M527110 <P>i have a pix connected with two interface .on the inside interface i have a host 1.1.1.2 and on the outside i have a host 2.1.1.2. i have configured outside dynamic nat which deosn't work here's my config </P><P></P><P>nat (outside) 1 2.1.1.2 255.255.255.255 outside</P><P>global (inside) 1 interface</P><P></P><P>pix inside interface 1.1.1.1</P><P>pix outside interfaec 2.1.1.1</P><P></P><P>access-list 101 permit ip any any </P><P>access-group 101 in interface outside</P><P></P><P>pls help what is the problem out here </P><P></P><P>sebastan </P> Fri, 21 Feb 2020 08:44:15 GMT sebastan_bach 2020-02-21T08:44:15Z https://community.cisco.com/t5/network-security/problem-with-dynamic-outside-nat-on-pix/m-p/534000#M527110 <P>i have a pix connected with two interface .on the inside interface i have a host 1.1.1.2 and on the outside i have a host 2.1.1.2. i have configured outside dynamic nat which deosn't work here's my config </P><P></P><P>nat (outside) 1 2.1.1.2 255.255.255.255 outside</P><P>global (inside) 1 interface</P><P></P><P>pix inside interface 1.1.1.1</P><P>pix outside interfaec 2.1.1.1</P><P></P><P>access-list 101 permit ip any any </P><P>access-group 101 in interface outside</P><P></P><P>pls help what is the problem out here </P><P></P><P>sebastan </P> Fri, 21 Feb 2020 08:44:15 GMT https://community.cisco.com/t5/network-security/problem-with-dynamic-outside-nat-on-pix/m-p/534000#M527110 sebastan_bach 2020-02-21T08:44:15Z https://community.cisco.com/t5/network-security/problem-with-dynamic-outside-nat-on-pix/m-p/534001#M527112 <HTML><HEAD></HEAD><BODY><P>You are missing the rule that will allow the outside user to access the host located on the trusted network.</P><P></P><P>static (inside,outside) 1.1.1.2 1.1.1.2 netmask 255.255.255.255</P><P></P><P>The I stronly recommend to use outside NAT with a static translation as well</P><P></P><P>static (outside,inside) X 2.1.1.2 netmask 255.255.255.255 outside</P><P></P><P>If you still want to use nat/global you will need to specify the traffic that is going to be translated from outside to inside (use ACLs) and the traffic that is not going to be translated as well; otherwise, translations from traffic going inside --&gt;&gt;outside are gonna be broken</P><P></P><P>Franco Zamora</P></BODY></HTML> Mon, 27 Feb 2006 04:45:27 GMT https://community.cisco.com/t5/network-security/problem-with-dynamic-outside-nat-on-pix/m-p/534001#M527112 fzamora 2006-02-27T04:45:27Z https://community.cisco.com/t5/network-security/problem-with-dynamic-outside-nat-on-pix/m-p/534002#M527113 <HTML><HEAD></HEAD><BODY><P>hi frnaco thanks for ur detailed explanation.as perur explanation it means that when i want to implement a dynamic outside nat there has to be a static (inside,outside) am i right. i think cause when the packet from the outside host reaches on the outside interface for a destination the pix requires a translation table for the destination which is not present because of which packets are getting dropped.so it possibel that i want to configure a entire subnet with dynamic outside nat is it possible. say in this same scenario i change the nat statement from a single host to a subnet</P><P></P><P>nat (outside) 1 2.1.1.0 255.255.255.0 outside </P><P></P><P>is it possible pls help me on this franco. see ya</P><P></P><P>thanks once again </P><P></P><P>sebastan</P><P> </P></BODY></HTML> Mon, 27 Feb 2006 05:54:53 GMT https://community.cisco.com/t5/network-security/problem-with-dynamic-outside-nat-on-pix/m-p/534002#M527113 sebastan_bach 2006-02-27T05:54:53Z