Inbound Static Nat and arp

roger.jones · ‎04-09-2003

I have a static mapping on my pix515 latest version,

static ( inside,outside ) 194.x.x.112 194.169.x.112 netmask 255.255.255.255 0 0

Am pretty certain all my pix config is right as regards interfaces , access-lists etc. but cannot get inbound nat mappings to work - all outbound is good.

We have internet router then the pix. My query is if we have static mappings inbound on the pix does my internet router need a route saying the static mapped address is via the pix - or will the pix respond to arp requests from the internet router looking for the pix mapped address.?

Thanks peers !!

mhussein · ‎04-09-2003

The syntax for inbound static mapping should be:

static ( outside, inside ) 194.x.x.112 194.169.x.112 netmask 255.255.255.255 0 0

i.e "outside" comes first followed by "inside".

Proxy-arp is enabled by default on all interfaces unless overridden by "no sysopt noproxyarp " statement.

Also you may need to add static routes with split subnet masks to override the connected routes.

Now my question is: what are you trying to accomplish or what problem you are trying to solve with outside NAT?

roger.jones · ‎04-09-2003

hmm - not sure on the response, the cisco website implies inside,outside

mhussein · ‎04-10-2003

(inside, outside) is used for regular outbound nat, if that what you mean. But if you are referring to the "Outside NAT" feature that was introduced in PIX OS 6.2, then I stand by my reply above.

Check the configuration for "outside nat" in this document:

http://www.cisco.com/warp/public/707/28.html#topic12