11-05-2003 03:58 AM - edited 02-20-2020 11:04 PM
I need to give users access to an outside registered IP address. But instead of opening up the firewall to that registered IP address, I would like to have an internal address mapped to the external address, so that users, instead of connecting to the outside IP address, connect to the internal (private 10) IP address. Does anybody have experience with this?
Thanks,
11-05-2003 05:40 PM
Do you mean that internal users should go to say, 10.1.1.1, and this'll go to the PIX and the PIX will redirect them to say, 200.1.1.1?
If so what you want is destination NAT, where the destination address is NAT'd rather than the more standard source address.
Something like the following should do the trick:
static (outside,inside) 10.1.1.1 200.1.1.1 netmask 255.255.255.255
Note the interfaces are the wrong way around for the norm. This tells the PIX that if a packet for 10.1.1.1 is seen on the inside interface, then translate it to 200.1.1.1 and put it on the outside interface.
All you need to do is assign a local IP address that will be routed to the PIX (10.1.1.1 in my example) and tell that to your internal users. You'll need 6.2 or higher in the PIX also.
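The translation described in the answer above, as an added example that is not part of the original post and is not Cisco code: a simplified Python model of one static entry, showing the destination rewrite on the inside interface and the matching source rewrite on return traffic. The class and function names and the client address 10.2.3.4 are assumptions made for illustration; the client's own source NAT is not modeled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class StaticXlate:
    """Model of: static (real_if,mapped_if) mapped_ip real_ip netmask mask"""

    def __init__(self, real_if, mapped_if, mapped_ip, real_ip, netmask):
        self.real_if, self.mapped_if = real_if, mapped_if
        self.mapped = ipaddress.ip_network(f"{mapped_ip}/{netmask}")
        self.real = ipaddress.ip_network(f"{real_ip}/{netmask}")

    @staticmethod
    def _swap(addr, frm, to):
        # One-to-one mapping: keep the host offset, swap the network part.
        ip = ipaddress.ip_address(addr)
        if ip not in frm:
            return addr
        return str(to.network_address + (int(ip) - int(frm.network_address)))

    def translate(self, pkt, ingress_if):
        if ingress_if == self.mapped_if:
            # Arrives where the mapped address lives: rewrite the destination.
            return Packet(pkt.src, self._swap(pkt.dst, self.mapped, self.real))
        if ingress_if == self.real_if:
            # Return traffic from the real host: rewrite the source back.
            return Packet(self._swap(pkt.src, self.real, self.mapped), pkt.dst)
        return pkt

def demo():
    # static (outside,inside) 10.1.1.1 200.1.1.1 netmask 255.255.255.255
    rule = StaticXlate("outside", "inside", "10.1.1.1", "200.1.1.1",
                       "255.255.255.255")
    client = "10.2.3.4"  # constructed inside host
    request = rule.translate(Packet(client, "10.1.1.1"), "inside")
    reply = rule.translate(Packet("200.1.1.1", client), "outside")
    other = rule.translate(Packet(client, "10.1.1.2"), "inside")
    return request, reply, other

if __name__ == "__main__":
    for p in demo():
        print(p)
```

Because the reply's source is rewritten back to 10.1.1.1, inside hosts and any inside-facing logs only ever see the private address, never 200.1.1.1.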
11-06-2003 12:34 AM
Thanks for your quick answer. That is what I needed. I need to upgrade the IOS of my PIX to the latest level. I am still running version 4.47.
11-25-2003 07:16 AM
Amazing! I opened a TAC case and was told this was not possible. I wanted to do the exact same thing: have users FTP to an internal IP that was NATed to an external IP. I have 6.33 and PDM 3.0.1.