Solved: Source NAT from Outside to Inside

cbregeripr · ‎08-09-2011

I am having some trouble getting what I thought would be easy to work properly. I have FWSM with multiple interfaces on it. I need to create a source NAT for traffic from an outside interface(security level 75) to the inside interface interface(security 0). I have an exteranl customer that is using 10.x.x.x.x and need them to NAT'd to a single IP. Below is peice of the config I tried. I never see the NAT work. ANY suggestions??

interface Vlan44

nameif CUST1

security-level 75

ip address 10.254.75.2 255.255.255.0

interface Vlan88

nameif inside

security-level 100

ip address 10.160.88.2 255.255.255.0

global (outside) 2 10.160.88.123

nat (CUST1) 2 10.0.0.0 255.0.0.0

Thanks,

Chris

varrao · ‎08-09-2011

Hi Chris,

Dynamic Pat is for going from higher security to lower security, but if you want to do it opposite, you would need to add a outside keyword at the end:

global (inside) 2 10.160.88.123

nat (CUST1) 2 10.0.0.0 255.0.0.0 outside

Let me know how it goes.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

Jon Marshall · ‎08-09-2011

Chris

that should be -

global (inside) 2 10.160.88.123

Jon

cbregeripr · ‎08-09-2011

My mistake, that was a typo. It is configured that way, but still not working.

global (inside) 2 10.160.88.123

nat (CUST1) 2 10.0.0.0 255.0.0.0

varrao · ‎08-09-2011

Hi Chris,

Dynamic Pat is for going from higher security to lower security, but if you want to do it opposite, you would need to add a outside keyword at the end:

global (inside) 2 10.160.88.123

nat (CUST1) 2 10.0.0.0 255.0.0.0 outside

Let me know how it goes.

Thanks,

Varun

Thanks,
Varun Rao