https://community.cisco.com/t5/network-security/pat-overload-from-outside-to-inside/m-p/843374#M973536 <P>I have host using a private internal IP that will only talk to machines on the same private IP. I need to have public IPs talk to this machine. I have a PIX that uses the same private IP subnet on its inside interface. What I would like to do is a PAT/overload scenario in reverse where multiple outside hosts will talk to the inside host using one IP from the private subnet. I think I have seen this mentioned somewhere but can't find it. One caveat is that the PIX must also do PAT/overload for internal hosts going out to the Internet at the same time. Is this possible?</P><P></P><P>Thanks,</P><P>Diego</P><P> </P> Mon, 11 Mar 2019 11:26:13 GMT tato386 2019-03-11T11:26:13Z https://community.cisco.com/t5/network-security/pat-overload-from-outside-to-inside/m-p/843374#M973536 <P>I have host using a private internal IP that will only talk to machines on the same private IP. I need to have public IPs talk to this machine. I have a PIX that uses the same private IP subnet on its inside interface. What I would like to do is a PAT/overload scenario in reverse where multiple outside hosts will talk to the inside host using one IP from the private subnet. I think I have seen this mentioned somewhere but can't find it. One caveat is that the PIX must also do PAT/overload for internal hosts going out to the Internet at the same time. Is this possible?</P><P></P><P>Thanks,</P><P>Diego</P><P> </P> Mon, 11 Mar 2019 11:26:13 GMT https://community.cisco.com/t5/network-security/pat-overload-from-outside-to-inside/m-p/843374#M973536 tato386 2019-03-11T11:26:13Z https://community.cisco.com/t5/network-security/pat-overload-from-outside-to-inside/m-p/843375#M973537 <HTML><HEAD></HEAD><BODY><P>Diego,</P><P></P><P>You can do this with static, NAT and ACL to address both requirements.</P><P></P><P>Here's a configuration example that you can use to build your configuration.</P><P></P><P>Inside Web Host that needs to be accessed from Outside: 192.168.1.2</P><P></P><P>int e0</P><P>nameif outside</P><P>security-level 0</P><P>ip add 172.16.1.1 255.255.255.0</P><P></P><P>int e1</P><P>nameif inside</P><P>security-level 100</P><P>ip add 192.168.1.1 255.255.255.0</P><P></P><P>access-group acl_outside in interface outside</P><P></P><P>access-list acl_outside permit tcp any host 172.16.1.1 eq www</P><P></P><P>nat (inside) 1 192.168.1.0 255.255.255.0</P><P>global (outside) 1 interface</P><P></P><P>static (inside,outside) interface 192.168.1.2 tcp 80</P><P></P><P>HTH</P><P></P><P>Sundar</P><P></P><P></P></BODY></HTML> Tue, 16 Oct 2007 22:47:37 GMT https://community.cisco.com/t5/network-security/pat-overload-from-outside-to-inside/m-p/843375#M973537 sundar.palaniappan 2007-10-16T22:47:37Z https://community.cisco.com/t5/network-security/pat-overload-from-outside-to-inside/m-p/843376#M973538 <HTML><HEAD></HEAD><BODY><P>Hi Diego</P><P></P><P>Sundar has covered most of this but to PAT all outside addresses </P><P></P><P>access-list PATIN permit ip any host 172.16.1.1 </P><P></P><P>(Note, i'm using Sundar's IP addressing and you might want to tie access down to the particular tcp/udp ports)</P><P></P><P>nat (outside) 2 access-list PATIN outside</P><P>global (inside) 2 interface</P><P></P><P>HTH</P><P></P><P>Jon</P></BODY></HTML> Wed, 17 Oct 2007 02:41:36 GMT https://community.cisco.com/t5/network-security/pat-overload-from-outside-to-inside/m-p/843376#M973538 Jon Marshall 2007-10-17T02:41:36Z https://community.cisco.com/t5/network-security/pat-overload-from-outside-to-inside/m-p/843377#M973539 <HTML><HEAD></HEAD><BODY><P>Thanks guys. I will give this a shot and let you know what happens. </P></BODY></HTML> Thu, 18 Oct 2007 15:25:04 GMT https://community.cisco.com/t5/network-security/pat-overload-from-outside-to-inside/m-p/843377#M973539 tato386 2007-10-18T15:25:04Z