NATing Question

skhirbash · ‎01-26-2010

I created a one-to-one NAT statement but when I try to ping the public ip address from the outside, it won't responde. Here is the NAT statement. Any assistance would be greatly apprecaited.

nat(inside) 0 access-list nonat

nat(inside) 1 0.0.0.0 0.0.0.0.0

static (inside,outside) 12.200.199.120 172.17.100.101 netmask 255.255.255.255
static (inside,outside) 12.200.199.121 172.17.100.102 netmask 255.255.255.255

static (inside,outside) 12.200.199.122 172.17.100.103 netmask 255.255.255.255

access-group outside_access_in in interface outside

Thanks,

sK

Ganesh Hariharan · ‎01-27-2010

I created a one-to-one NAT
statement but when I try to ping the public ip address from the
outside, it won't responde. Here is the NAT statement. Any assistance
would be greatly apprecaited.
nat(inside) 0 access-list nonat
nat(inside) 1 0.0.0.0 0.0.0.0.0
static (inside,outside) 12.200.199.120 172.17.100.101 netmask 255.255.255.255
static (inside,outside) 12.200.199.121 172.17.100.102 netmask 255.255.255.255
static (inside,outside) 12.200.199.122 172.17.100.103 netmask 255.255.255.255
access-group outside_access_in in interface outside
Thanks,
sK

Hi Sk,

Check out the below link on nat configuuration on PIX firewall hope to help

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800b6e1a.shtml

Ganesh.H

Kureli Sankar · ‎01-27-2010

What is in the nonat acl?

Could you pls. paste the contents?

-KS

vilaxmi · ‎01-28-2010

Hello,

Remeber NAT EXEMPT (nonat) takes higher precedence over static NAT and also nonat with ACL (on HIgher security-level ifc)

is bidirectional.

Keeping that in mind, go ahead and check your nonat access-lists, an if they happen to include the interesting tarffic, then your public IPs WILL NOT repond. Remove inetresting traffic from nonat ACL, and then your static NAT will take preference, allowing access for users from outside to the servers on inside.

HTH

Vijaya