Can you create 2 statics to the same internal IP?

bcorrothers · ‎06-23-2005

Question: Will the later versions of PIX Firewall (6.x) allow you to map 2 statics (outside) to the same internal IP address? In other words:

static (inside,outside) 216.55.5.55 -> 192.168.1.2

static (inside,outside) 192.168.1.2 -> 192.168.1.2

I'm running a PIX 515 with PIX Firewall ver. 5.2(1) and trying to enter the second static will error with "That address already statically translated!"

?

Harold Ritter · ‎06-23-2005

The issue is that the static natting is bidirectional. If it allowed a second entry, which one would the system use in the outside to inside direction.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

bcorrothers · ‎06-24-2005

It needs to use both. Traffic will be coming from outside to inside from both 216.x.x.x and from 192.x.x.x so the PIX needs to answer for both and xlate both to the same internal IP (192.168.1.2).