Hi!
On our FWSM there is PAT for about 500 hosts. The DNS server should have a static NAT, and some servers should have port forwarding. I set those up, but the DNS server and the other servers can be accessed only from VLAN60. The offices' PAT works fine, but I can't access the mapped IP from other VLANs.
VLAN60 : 13.25.60.0/22
VLAN518: 172.18.0.0/16
IP of DNS server: 172.18.255.2 (should have 13.25.60.1)
IP of server1: 172.18.250.1
IPs of Offices: 172.18.0.1-172.18.2.254
Mapped IP: 13.25.60.239
Example excerpt of the FWSM configuration:
nameif vlan60 outside security1
nameif vlan518 offices security51
access-list NAT extended permit ip any any
access-list static1 extended permit tcp any host 13.25.60.239
access-list static1 extended permit ip any host 13.25.60.1
ip address outside 13.25.63.244 255.255.252.0
ip address offices 172.18.255.254 255.255.0.0
global (outside) 1 13.25.60.2
global (outside) 2 13.25.60.3
global (outside) 3 13.25.60.4
nat (offices) 1 172.18.0.0 255.255.255.0 tcp 0 120
nat (offices) 2 172.18.1.0 255.255.255.0 tcp 0 120
nat (offices) 3 172.18.2.0 255.255.255.0 tcp 0 120
static (offices,outside) 13.25.60.1 172.18.255.2 netmask 255.255.255.255
static (offices,outside) tcp 13.25.60.239 22 172.18.250.1 22 netmask 255.255.255.255
access-group static1 in interface outside
access-group NAT in interface offices
route outside 0.0.0.0 0.0.0.0 13.25.63.254 1