I have a problem with a PIX'm trying to make a NAT, and want to know if it may be with any origin, as would be the expression to make a static NAT?
I need help with this problem
static (outside, inside) 172.31.89.5 any_source 255.255.255.0 0 0
Cisco PIX Firewall Version 6.3(4)
If you are going to NAT Multiple addresses to One address then you would typically use a Dynamic PAT.
You can't use "any" in the Static NAT configuration. Atleast to my understanding.
Could you elaborate a bit what it is exactly that you are trying to achieve?
I notice that you are trying to configure some NAT for which source addresses are located behind "outside" and the NAT IP address is on the "inside" interfaces side.
I'm trying to make a double nat to change the source and destination origin be any internet source but switch to your destination 172.31.89.5 and 172.31.65.5, this second NAT and what I have, but I have no idea how do any NAT
I am afraid that I still didnt quite get the whole situation yet.
You do mention that you want to do double NAT? This is something that would be way more easier in the ASA firewalls with newer software. Both your firewall and its software are very old.
But for examples sake, lets say that you have a Static NAT for some of your internal host/server. Lets also say that you want to NAT all incoming traffic destined to that Static NAT IP address of the server to a single IP address, then you would probably have to use Static NAT + Dynamic Policy PAT
It might look something like this
access-list DYNAMIC-POLICYPAT permit ip any host 184.108.40.206
nat (outside) 100 access-list DYNAMIC-POLICYPAT outside
global (inside) 100 220.127.116.11
static (inside,outside) 18.104.22.168 22.214.171.124 netmask 255.255.255.255
To my understanding the above should do so that when traffic from "any" source address behind "outside" is coming towards the IP address 126.96.36.199 THEN the source addresses would be Dynamic PATed to IP address 188.8.131.52 and the IP 184.108.40.206 would be untranslated to the real IP address of 220.127.116.11
But again it is hard to say if this is the configuration type you are looking for based on your earlier reply.