Re: Static nat

RandritSupport · ‎09-10-2005

I have two external ip's that need to be nat to the same internal ip.

for example.

external 111.111.111.1

external 111.111.111.2

internal 2.2.2.1

I am trying to redirect port 8080 on 111.111.111.1 to port 80 on 2.2.2.1

I am trying to nat 111.111.111.2 143 to 2.2.2.1 143

I keep getting a over lapping error. What can I do to fix this.

mehrdad · ‎09-10-2005

I checked your issue in my lab but i didn't get error , my pix software version is 6.3(3) and I put commands like the below :

static (inside,outside) tcp 111.111.111.1 8080 2.2.2.1 80

static (inside,outside) tcp 111.111.111.2 143 2.2.2.1 143

where do you get over lapping error?

Regards,

Mehrdad

RandritSupport · ‎09-14-2005

Thanks for replying.

I figured out what I was doing wrong.

I addedd a static nat of

static (inside, outside) 111.111.111.1 2.2.2.1 netmask 255.255.255.255

first. Then I was trying to add

static (inside,outside) tcp 111.111.111.1 8080 2.2.2.1 80

once I removed the first static nat, the commands you gave me to try worked great.

Thanks.

rating_is_vital · ‎09-14-2005

Hi,

It's good to learn that your issue has been resolved. Perhaps to rate the post.

RandritSupport · ‎09-19-2005

static (inside,outside) tcp 1.1.1.1 6000 192.0.0.1 6000

ERROR: duplicate of existing static

TCP inside:192.0.0.1/6000 to outside:222.222.222.222/7080 netmask 255.255.255.255

This is an error that I keep getting.

any ideas????????

mehrdad · ‎09-19-2005

pls explain us all of your PIX configuration

RandritSupport · ‎09-19-2005

No access-list

interface Ethernet0

duplex full

nameif outside

security-level 0

ip address 222.222.222.1 255.255.255.0

!

interface Ethernet1

description Inside connection

speed 100

duplex full

nameif inside

security-level 100

ip address 111.111.111.1 255.0.0.0

global (outside) 1 222.222.222.1

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) 222.222.222.2 25 111.111.111.2 25

static (inside,outside) 222.222.222.3 110 111.111.111.2 110

static (inside,outside) 222.222.222.3 8080 111.111.111.2 80

I have two external ip that pat/nat to the same internel ip address.

jackko · ‎09-19-2005

ERROR: duplicate of existing static

TCP inside:192.0.0.1/6000 to outside:222.222.222.222/7080 netmask 255.255.255.255

this port translation is probably created by the global

global (outside) 1 222.222.222.1

try do a "clear xlate" then the static command again

s.gilbrook · ‎09-20-2005

Dear all,

RE the original post - I am trying to achive a similar thing, but instead of translating to different ports using the same IP address, I would like to translate one internal IP address to two outside IP address, using the same port (23).

I would like to be able to present one internal host as two different IP address to the outside world.

Any help would be greatly appreciated.

Thanks,

Simon.

jackko · ‎09-25-2005

let's say

internal host 192.168.0.1

public ip1 203.0.0.1

public ip2 203.0.0.2

from the internet to get to inside it's probably fine, as the pix will nat any packet with destination 203.0.0.1 or 203.0.0.2 to 192.168.0.1.

how about outbound? when the pix receives a packet sourced from 192.168.0.1, how would the pix determine which nat statement to apply?

i guess it will work only if you have specific destinations so that you can configure policy nat.