no nat-control and pix 525

Hello everyone,
I have a pix525e and users of the various interfaces (inside, dmz, inside1) go out on the Internet through a pool of public IP or by using the command ip static public static(inside, outside) internal_ip external_ip.
As a matter of necessity, on some internal hosts I would need to set the public IP directly ...
I tried this:
nat (inside) 0 public_ip 255.255.255.255
access-list outside_access_out extended permit ip host public_ip any

The public_ip is set behind the firewall, but it does not go out and also cannot ping the Internet gateway.
internal : 10.1.1.1/16
pool of external address: 172.16.15.0/24
outside: 172.16.15.2 connected to internet router 172.16.15.1

Any ideas?
Thanks to everyone who can help me ...

3 Replies

Jennifer Halim
Cisco Employee

Please configure the following:

static (inside,outside) public_ip public_ip netmask 255.255.255.255

But how is this public IP actually connected on the inside? Do you have a subnet on the inside for that public IP range? Also, do you have a route for that public IP subnet towards the inside interface?

Can you please share your topology diagram? A copy of the current configuration would also help. Please also advise what public IP address you are trying to configure the NAT exemption on.

Inside interface Pix                     10.1.1.1

Outside Interface Pix                168.23.8.2

Internet Gateway on 2911        168.23.8.1

I need to configure an IP 168.23.8.50 directly connected on the inside LAN of the PIX ...

At the moment I don't have the configuration, but I can post it later ....

Thanks for your help

Well, you can't connect an IP address which is not in the same subnet as the inside subnet.

168.23.8.50 belongs to the outside subnet of the ASA, and you would need to connect the host to the same subnet/VLAN as the ASA outside interface. You can't connect 168.23.8.50 to the inside subnet of the ASA, as they are not in the same subnet (your inside subnet is 10.1.1.0). This will never work if you connect that to the inside subnet of the ASA.
