https://community.cisco.com/t5/network-security/nat-complications/m-p/1697065#M534790 <HTML><HEAD></HEAD><BODY><P>Andy </P><P></P><P>Couldn't agree more. GUIs are useful sometimes but i never got on with ASDM at all.&nbsp; I would fire it up and by the time i had worked out what to do i could have configured 3 firewalls by using the CLI <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/tiny_mce3/plugins/jiveemoticons/images/spacer.gif"></SPAN></P><P></P><P>Jon</P></BODY></HTML> Thu, 28 Jul 2011 13:39:48 GMT Jon Marshall 2011-07-28T13:39:48Z https://community.cisco.com/t5/network-security/nat-complications/m-p/1697062#M534784 <P>Hi Guys, was hoping you could help.&nbsp; I'm getting myself in a big muddle with regards to NATing, and could do with some clarity.</P><P></P><P></P><P>We have a setup whereby there are 2 firewalls back to back on a 172.22.11.0/24 subnet.&nbsp; I control one firewall, another company (company B)&nbsp; the other.&nbsp; My PIX has its outside interface as 172.22.11.254, and its inside interface as 172.22.255.21.</P><P></P><P>I'm trying to set up a NAT whereby clients on my inside network can connect to 172.22.11.11 (as this is routable by me) on a specific port, and this will NAT them to the real address 172.31.36.6 on the same port, on the other side of company B's firewall.&nbsp; Company B are doing the reverse.</P><P></P><P>I've allowed traffic to come into the firewall's inside interface, and can see it entering.&nbsp; There is a dynamic NAT mapping any traffic from the inside interface to the outside.</P><P></P><P>I've set up a static NAT policy rule on the outside interface, taking a source IP of the outside interface (172.22.11.254), a destination of 172.22.11.11, a static translation to 172.31.36.6, and the relevant port translation, but this doesn't work.&nbsp; Looking at the logs, I can't see anything even attempting to be translated.</P><P></P><P>I know this is a lot to take in, but any ideas where I'm going wrong?</P><P></P><P>Thanks for any suggestions.</P> Mon, 11 Mar 2019 21:05:00 GMT https://community.cisco.com/t5/network-security/nat-complications/m-p/1697062#M534784 andrewburridge 2019-03-11T21:05:00Z https://community.cisco.com/t5/network-security/nat-complications/m-p/1697063#M534786 <HTML><HEAD></HEAD><BODY><P>Andrew</P><P></P><P><EM>I've set up a static NAT policy rule on the outside interface, <STRONG>taking a source IP of the outside interface (172.22.11.254)</STRONG>, a destination of 172.22.11.11, a static translation to 172.31.36.6, and the relevant port translation, but this doesn't work.&nbsp; Looking at the logs, I can't see anything even attempting to be translated.</EM></P><P></P><P>I'm not sure what you mean by the bit in bold. But from your requirements have you tried - </P><P></P><P>static (outside,inside) 172.22.11.11 172.31.36.6 netmask 255.255.255.255</P><P></P><P>Jon</P></BODY></HTML> Thu, 28 Jul 2011 12:07:51 GMT https://community.cisco.com/t5/network-security/nat-complications/m-p/1697063#M534786 Jon Marshall 2011-07-28T12:07:51Z https://community.cisco.com/t5/network-security/nat-complications/m-p/1697064#M534788 <HTML><HEAD></HEAD><BODY><P>Hi Jon,</P><P></P><P>That appears to be working now, at least from my end.&nbsp; I was going through the GUI and ended up applying the NAT the wrong way round by the looks of things.&nbsp; Lesson learned, alway stick to the CLI!</P><P></P><P>Thanks,</P><P></P><P>Andy</P></BODY></HTML> Thu, 28 Jul 2011 13:33:56 GMT https://community.cisco.com/t5/network-security/nat-complications/m-p/1697064#M534788 andrewburridge 2011-07-28T13:33:56Z https://community.cisco.com/t5/network-security/nat-complications/m-p/1697065#M534790 <HTML><HEAD></HEAD><BODY><P>Andy </P><P></P><P>Couldn't agree more. GUIs are useful sometimes but i never got on with ASDM at all.&nbsp; I would fire it up and by the time i had worked out what to do i could have configured 3 firewalls by using the CLI <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/tiny_mce3/plugins/jiveemoticons/images/spacer.gif"></SPAN></P><P></P><P>Jon</P></BODY></HTML> Thu, 28 Jul 2011 13:39:48 GMT https://community.cisco.com/t5/network-security/nat-complications/m-p/1697065#M534790 Jon Marshall 2011-07-28T13:39:48Z