08-09-2011 07:41 AM - edited 03-11-2019 02:09 PM
I am having some trouble getting what I thought would be easy to work properly. I have FWSM with multiple interfaces on it. I need to create a source NAT for traffic from an outside interface(security level 75) to the inside interface interface(security 0). I have an exteranl customer that is using 10.x.x.x.x and need them to NAT'd to a single IP. Below is peice of the config I tried. I never see the NAT work. ANY suggestions??
interface Vlan44
nameif CUST1
security-level 75
ip address 10.254.75.2 255.255.255.0
interface Vlan88
nameif inside
security-level 100
ip address 10.160.88.2 255.255.255.0
global (outside) 2 10.160.88.123
nat (CUST1) 2 10.0.0.0 255.0.0.0
Thanks,
Chris
Solved! Go to Solution.
08-09-2011 10:44 AM
Hi Chris,
Dynamic Pat is for going from higher security to lower security, but if you want to do it opposite, you would need to add a outside keyword at the end:
global (inside) 2 10.160.88.123
nat (CUST1) 2 10.0.0.0 255.0.0.0 outside
Let me know how it goes.
Thanks,
Varun
08-09-2011 07:46 AM
Chris
that should be -
global (inside) 2 10.160.88.123
Jon
08-09-2011 07:48 AM
My mistake, that was a typo. It is configured that way, but still not working.
global (inside) 2 10.160.88.123
nat (CUST1) 2 10.0.0.0 255.0.0.0
08-09-2011 10:44 AM
Hi Chris,
Dynamic Pat is for going from higher security to lower security, but if you want to do it opposite, you would need to add a outside keyword at the end:
global (inside) 2 10.160.88.123
nat (CUST1) 2 10.0.0.0 255.0.0.0 outside
Let me know how it goes.
Thanks,
Varun
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide