02-07-2004 02:39 AM - edited 03-09-2019 06:21 AM
Hello,
I want to allow access from inside to outside on a PIX 501 but I want to hide the outside address.
I want to telnet from inside to outside and have the PIX rewrite the address to the real outside address. Sort of the opposite to a normal PAT.
Anyone know if this is possible?
Thanks
02-07-2004 08:21 AM
normal PAT would translate the inside host ip source address to the outside interface's ip address for a telnet connection originating from the inside interface that is going out to the internet. This sounds like it is exactly what you seek to do. So what exactly are you trying to do?
02-07-2004 11:31 PM
Thanks for the quick reply. What I am trying to do is connect to an an ouside IP that I would not normally be able to route to. This firewall is not an Internet firewall, it is just connecting two interior networks. From the inside however I cannot route (by design) to the outside subnet. To telnet to a host on the outside subnet I want the firewall to to redirect from it's inside interface (or pool) to the real IP address on the outside. Basically the reverse of a PAT on an Internet firewall.
Thanks again.
02-08-2004 12:48 AM
David,
To do this you must Nat the outside address to an inside address. Use something similar to the following line. The X.X.X.X is the inside IP you want the outside to appear to the inside as and Y.Y.Y.Y is the real outside IP. You must have at the minimum PIX code 6.2 for this to work.
static (outside,inside) X.X.X.X Y.Y.Y.Y netmask 255.255.255.255
Follow this link for details.
02-08-2004 05:28 PM
Thank you. That's exactly what I was after.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide