https://community.cisco.com/t5/network-security/configure-static-nat-in-fwsm/m-p/845169#M960413 <P>Hi all, </P><P>I use FWSM and now I want to configure static NAT in FWSM: </P><P>Diagram: </P><P>Webserver : 192.0.2.6/32 , interface: inside</P><P>NAT IP : 202.78.x.x /32 , interface: outside </P><P>I want to configuse static NAT from Webserver to IP Puplic and everyone can connect to Webserver with Service Any.</P><P>I only configure : </P><P>nameif vlan2 inside security100</P><P>access-list INSIDE extended permit ip 192.0.2.0 255.255.255.0 any </P><P>access-list acl_mdc_inside_access extended permit ip object-group any</P><P>ip address inside 192.0.2.x 255.255.255.0 standby 192.0.2.x</P><P>nat (inside) 0 access-list INSIDE</P><P>access-group acl_mdc_inside_access in interface inside</P><P>static (inside, outside) 202.78.x.x 192.0.2.6 netmask 255.255.255.255</P><P>I must configure access-list and routing? </P><P>If you need more information, please ask me. </P><P>Thank you very much!</P><P>Duy Khang</P> Wed, 13 Mar 2019 00:49:46 GMT mylove142 2019-03-13T00:49:46Z https://community.cisco.com/t5/network-security/configure-static-nat-in-fwsm/m-p/845169#M960413 <P>Hi all, </P><P>I use FWSM and now I want to configure static NAT in FWSM: </P><P>Diagram: </P><P>Webserver : 192.0.2.6/32 , interface: inside</P><P>NAT IP : 202.78.x.x /32 , interface: outside </P><P>I want to configuse static NAT from Webserver to IP Puplic and everyone can connect to Webserver with Service Any.</P><P>I only configure : </P><P>nameif vlan2 inside security100</P><P>access-list INSIDE extended permit ip 192.0.2.0 255.255.255.0 any </P><P>access-list acl_mdc_inside_access extended permit ip object-group any</P><P>ip address inside 192.0.2.x 255.255.255.0 standby 192.0.2.x</P><P>nat (inside) 0 access-list INSIDE</P><P>access-group acl_mdc_inside_access in interface inside</P><P>static (inside, outside) 202.78.x.x 192.0.2.6 netmask 255.255.255.255</P><P>I must configure access-list and routing? </P><P>If you need more information, please ask me. </P><P>Thank you very much!</P><P>Duy Khang</P> Wed, 13 Mar 2019 00:49:46 GMT https://community.cisco.com/t5/network-security/configure-static-nat-in-fwsm/m-p/845169#M960413 mylove142 2019-03-13T00:49:46Z https://community.cisco.com/t5/network-security/configure-static-nat-in-fwsm/m-p/845170#M960418 <HTML><HEAD></HEAD><BODY><P>Duy, you have to configure static nat which you already have in script, access-list to allow inbound traffic and apply acl to outside interface. Don't have to configure routing unless this is new PIX fwsm setup, if it is new setup you need to configure global nat and default route to access outside internet. Is outside interface the only public IP address you have for NAT?</P><P></P><P>e.g, if you are using spare public IP address for webserver NAT config would look as:</P><P></P><P></P><P>static (inside,outside) 202.78.x.x 192.0.2.6 netmask 255.255.255.255 </P><P>access-list outside_access_in permit tcp any host 202.78.x.x </P><P>access-group outside_access_in in interface outside</P><P></P><P></P><P>if using outside pix interface IP address as your NAT/PAT address static should be as:</P><P></P><P>static (inside,outside) interface 192.0.2.6 netmask 255.255.255.255</P><P>access-list outside_access_in permit tcp any host 202.78.x.x </P><P>access-group outside_access_in in interface outside</P><P></P><P>to configuire glonal nat</P><P></P><P>global (oustide) 1 interface</P><P></P><P>to configure default route</P><P>route outside 0 0 x.x.x.x 1</P><P></P><P>where x is ISP router and 1 is next hop. </P><P></P><P>HTH</P><P>Jorge</P><P></P></BODY></HTML> Mon, 19 Nov 2007 04:23:49 GMT https://community.cisco.com/t5/network-security/configure-static-nat-in-fwsm/m-p/845170#M960418 JORGE RODRIGUEZ 2007-11-19T04:23:49Z