02-07-2013 09:53 AM - edited 03-11-2019 05:57 PM
Hi All,
I want to achieve the below scenario with static NAT.
1. I have a firewall which has two legs (inside and outside). As usual, inside security is 100 and outside is 0.
We have done a PAT for all the inside networks to access the outside network. Now the requirement is that I have a server in the outside network which should be accessed by the inside network with the help of an inside IP address itself (mapping the server to a free inside IP address, and all the inside hosts will connect to the inside IP, which in turn communicates with the outside IP address).
We tried to achieve the above using the static (outside,inside) command, but somehow we are unable to communicate.
We created an ACL as permit ip any any and applied it on both interfaces. A proper route has been added in the firewall to the outside network, and we also added a route in the outside network L3 switch for the firewall inside network.
Please help us!!!
Attached is a sample diagram...
Regards,
Gan.
02-07-2013 10:07 AM
Hi,
So is the firewall actually connected to the Internet on the "outside", since you say that you have routed the "inside" network on the L3 switch behind the "outside" interface of the firewall?
If the "outside" side router really has a route to the "inside" network, then I would try out this Policy NAT configuration:
access-list SERVER-POLICY-NAT permit ip host 172.10.10.5 10.10.10.0 255.255.255.0
static (outside,inside)
Not sure if it will work, though...
- Jouni
02-08-2013 09:46 PM
Hi,
I tried the above configuration, but it's not working... For your information, please find the xlate entry
when I try to reach one of the servers from the outside network (172.10.10.10) to the inside network (10.10.10.183):
TCP outside
The inside NAT IP is 10.10.10.10.
Regards,
Gan
02-08-2013 10:22 PM
To initiate a connection from the outside to the inside, you would first need a static NAT statement for your inside host.
So if the inside host is 10.10.10.183, this host needs to be statically NATed first (dynamic PAT won't work because that only works for outbound connections).
So the static NAT for the inside host is as follows:
If you don't want to NAT, then:
static (inside,outside) 10.10.10.183 10.10.10.183 netmask 255.255.255.255
If you want to NAT, then:
static (inside,outside) x.x.x.x 10.10.10.183 netmask 255.255.255.255
Then, to actually NAT the outside host to an inside address:
static (outside,inside) 10.10.10.10 172.10.10.10 netmask 255.255.255.255
Then run "clear xlate" and test it.
Hope that helps.
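The following is an added, self-contained configuration for the scenario discussed in this thread (the pre-8.3 ASA "static" syntax the posters are using); it is an illustration, not configuration taken from either poster. It assumes an inside subnet of 10.10.10.0/24 with the ASA at 10.10.10.1, an outside subnet of 172.10.10.0/24 with the ASA at 172.10.10.1, the outside server at 172.10.10.10, the free inside address 10.10.10.10 chosen as its mapped address, and 10.10.10.183 as a test client; the interface names are placeholders.

```cisco
! Added example, not from the thread. Assumes ASA pre-8.3 NAT syntax and the
! addressing described in the lead-in (all addresses are assumptions).
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 172.10.10.1 255.255.255.0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0
!
! Existing dynamic PAT: inside-initiated traffic leaves as 172.10.10.1, so the
! outside server replies to the ASA and needs no route to 10.10.10.0/24 for
! connections that inside hosts open.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
!
! Present the outside server on the inside as 10.10.10.10.
! Syntax: static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask
! The ASA proxy-ARPs for the mapped address on the inside interface, so it
! must be an unused address in the inside subnet (otherwise inside hosts need
! a route for it pointing at the ASA).
static (outside,inside) 10.10.10.10 172.10.10.10 netmask 255.255.255.255
!
! Inside-to-outside is permitted by the security levels alone; an ACL on the
! inside interface is only needed if one is already applied there. An ACL on
! the outside interface is needed only for connections the server opens inward.
!
! Verification, run on the ASA after removing stale translations:
clear xlate
packet-tracer input inside tcp 10.10.10.183 40000 10.10.10.10 80 detailed
show xlate
```

The packet-tracer run walks the flow an inside client would generate (source 10.10.10.183, destination 10.10.10.10) through the route lookup, ACL and NAT phases and reports which phase drops it, which is the quickest way to tell a missing static from a routing problem. The static translation itself should be listed by "show xlate" as a Global 10.10.10.10 / Local 172.10.10.10 entry regardless of traffic.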