topic NAT Problem in Network Security https://community.cisco.com/t5/network-security/nat-problem/m-p/820257#M969827 <P>Hi ALL</P><P></P><P>Kindly assist with this.</P><P></P><P>We use a PIX 506E with 6.3 and 1 public IP Address. We want all machines (6)on inside network to connect to Internet while Internet user can connect</P><P>to 2 services running on 2 machines inside.</P><P></P><P>Inside Machine: a) web server on 192.168.170.190 and ftp server on</P><P>192.168.170.186</P><P></P><P>PIX inside interface IP = 192.168.170.185</P><P>PIX outside interface IP = 80.1.1.1</P><P></P><P>My setup</P><P></P><P>access-list goutbound permit ip 192.168.170.184 255.255.255.248 any access-list ginside permit tcp any host 80.1.1.1 eq www</P><P>access-list ginside permit tcp any host 80.1.1.1 eq ftp</P><P>access-group goutbound in interface inside access-group ginside in interface outside</P><P>global (outside) 1 interface</P><P>nat (inside) 1 0 0</P><P>static (inside,outside) tcp interface www 192.168.170.190 www netmask 255.255.255.255</P><P>static (inside,outside) tcp interface ftp 192.168.170.186 www netmask 255.255.255.255</P><P></P><P>While we can connect to the Internet from any machine on our inside network, the static does not seem to work as we can not connect to our ftp or www</P><P>machines from the internet.</P><P></P><P>Is my access-list and acces-group ok?</P><P>Can I use static(outside,inside) instead of static (inside,outside) above?</P><P></P><P>Please help.</P><P></P><P>Thanks.</P><P></P><P>Ismail</P><P></P> Mon, 11 Mar 2019 11:08:29 GMT itadebayo 2019-03-11T11:08:29Z NAT Problem https://community.cisco.com/t5/network-security/nat-problem/m-p/820257#M969827 <P>Hi ALL</P><P></P><P>Kindly assist with this.</P><P></P><P>We use a PIX 506E with 6.3 and 1 public IP Address. We want all machines (6)on inside network to connect to Internet while Internet user can connect</P><P>to 2 services running on 2 machines inside.</P><P></P><P>Inside Machine: a) web server on 192.168.170.190 and ftp server on</P><P>192.168.170.186</P><P></P><P>PIX inside interface IP = 192.168.170.185</P><P>PIX outside interface IP = 80.1.1.1</P><P></P><P>My setup</P><P></P><P>access-list goutbound permit ip 192.168.170.184 255.255.255.248 any access-list ginside permit tcp any host 80.1.1.1 eq www</P><P>access-list ginside permit tcp any host 80.1.1.1 eq ftp</P><P>access-group goutbound in interface inside access-group ginside in interface outside</P><P>global (outside) 1 interface</P><P>nat (inside) 1 0 0</P><P>static (inside,outside) tcp interface www 192.168.170.190 www netmask 255.255.255.255</P><P>static (inside,outside) tcp interface ftp 192.168.170.186 www netmask 255.255.255.255</P><P></P><P>While we can connect to the Internet from any machine on our inside network, the static does not seem to work as we can not connect to our ftp or www</P><P>machines from the internet.</P><P></P><P>Is my access-list and acces-group ok?</P><P>Can I use static(outside,inside) instead of static (inside,outside) above?</P><P></P><P>Please help.</P><P></P><P>Thanks.</P><P></P><P>Ismail</P><P></P> Mon, 11 Mar 2019 11:08:29 GMT https://community.cisco.com/t5/network-security/nat-problem/m-p/820257#M969827 itadebayo 2019-03-11T11:08:29Z Re: NAT Problem https://community.cisco.com/t5/network-security/nat-problem/m-p/820258#M969828 <HTML><HEAD></HEAD><BODY><P>you need only this</P><P>access-list OUTSIDE-IN permit tcp any any eq ftp</P><P>access-list OUTSIDE-IN permit tcp any any eq www</P><P>access-group OUTSIDE-IN in interface outside </P><P>global (outside) 1 interface </P><P>nat (inside) 1 0 0 </P><P>static (inside,outside) tcp interface www 192.168.170.190 www netmask 255.255.255.255 </P><P>static (inside,outside) tcp interface ftp 192.168.170.186 www netmask 255.255.255.255 </P><P></P></BODY></HTML> Sun, 09 Sep 2007 12:18:37 GMT https://community.cisco.com/t5/network-security/nat-problem/m-p/820258#M969828 a.alekseev 2007-09-09T12:18:37Z