09-21-2004 11:57 PM - edited 03-09-2019 08:51 AM
Guys,
Need some advice on how to approach this. I will try to explain the problem as best as I can.
-I have 5 hosts that sit behind the inside interface.
-All 5 have been mapped to a public IP (for Internet access)
172.16.25.10 202.6.160.169
172.16.25.11 202.6.160.170
172.16.25.12 202.6.160.171
172.16.25.13 202.6.160.172
172.16.25.14 202.6.160.173
-These hosts get their default route from a router sitting behind the outside interface 202.6.160.2
-Out of these 5 hosts, two are critical as they monitor events on other hosts. Critical hosts are
172.16.25.10 202.6.160.169
172.16.25.11 202.6.160.170
PROBLEM
1) I have a host that sits behind the outside interface (202.6.161.230). It is configured with static routes and does not know how to route to my two critical hosts via publicly defined IPs. It only knows how to route to 172.16.25.x IPs. (Adding another static route is not possible this time round.)
2) I need to retain my static public mappings and allow this outside host to connect to my critical hosts, keeping in mind that this outside host can only "see" 172.16.25.x addresses.
Please advise if there is a way to resolve this.
09-22-2004 06:27 AM
Hi,
(Supposing you use PIX)
You can use the nat 0 (nonat) feature.
access-list nonat permit ip host 172.16.25.10 host 202.6.161.230
access-list nonat permit ip host 172.16.25.11 host 202.6.161.230
nat (inside) 0 access-list nonat
Of course, you also need to allow the connection with interface access-lists, or conduits.
I hope it will help you.
Regards,
Attila
09-23-2004 02:11 AM
I still allow the connection with interface access-lists? You mean from the outside > inside?
access-list acl_inbound permit tcp host 202.6.161.230 host 172.16.25.10 eq xx
09-23-2004 02:50 AM
Yes.
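The pieces discussed in this thread, put together as an added example (not posted by any participant). It assumes PIX 6.x-style syntax, that the existing public mappings are `static` entries with a host netmask, and that `acl_inbound` is bound to the outside interface; `xx` remains the thread's port placeholder.

```text
!--- Added example: PIX 6.x-style syntax assumed; ACL names are the thread's.
!--- Existing one-to-one mappings stay in place for Internet access.
!--- (Form of these static entries is an assumption; only the two critical hosts shown.)
static (inside,outside) 202.6.160.169 172.16.25.10 netmask 255.255.255.255
static (inside,outside) 202.6.160.170 172.16.25.11 netmask 255.255.255.255

!--- NAT exemption scoped host-to-host: only traffic between the two
!--- critical hosts and 202.6.161.230 keeps its real 172.16.25.x address.
!--- All other traffic from these hosts still uses the static mappings.
access-list nonat permit ip host 172.16.25.10 host 202.6.161.230
access-list nonat permit ip host 172.16.25.11 host 202.6.161.230
nat (inside) 0 access-list nonat

!--- Inbound rule on the outside interface. The outside host addresses the
!--- real inside IPs, so the ACL matches 172.16.25.x, not the public IPs.
!--- Keep source, destination and port (xx) as narrow as the monitoring needs.
access-list acl_inbound permit tcp host 202.6.161.230 host 172.16.25.10 eq xx
access-list acl_inbound permit tcp host 202.6.161.230 host 172.16.25.11 eq xx
access-group acl_inbound in interface outside
```

After applying it, `show access-list nonat` and `show xlate` can be used to confirm that only the two host pairs hit the exemption and that the other hosts still translate to their public addresses.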