03-10-2011 09:52 PM - edited 03-06-2019 04:02 PM
Hi expert,
I have a problem currently with a problem of unable to connect to the outside server.
I am wondering wonder it is caused by a static NAT.
I tried to delete the specific static NAT and the problem seems fixed. But for some resons, I can not delete it.
Let me explain more about my network configuration.
I am using a PC, with the IP address of 192.168.0.100. what I want to do is to connet the server in outside with a specific port. let say 203.1.1.4:7234.
There is a PIX place between my PC and the ISP network modem, suppose there are some switches between my PC to the PIX, but never mind them coz no more setting there excoet the VLAN, and I think it is not the cause to my problem.
There is a static nat affecting my connection and I would like to know how to workaround it.
the static nat is to map the PC's IP 192.168.0.100 to a public ip, let say 76.10.20.22 from the outside to inside interface.
one more thing need to mention is, in the PIX, I have a default route to route all traffic to 76.10.20.21 for the outgoing traffic.
the static nat is here:
static (inside,outside) 76.10.20.22 192.168.0.100 netmask 255.255.255.255 0 0
when I telnet the 203.1.1.4 port 7234, it is not working.
however, when I delete the static NAT mentioned above, I can telnet the 203.1.1.4 port 7234.
When the PC make the connection to 203.1.1.4, suppose it uses the 76.10.20.21 right? i think the NAT is not affect my outgoing traffic, it just having effect to my incoming traffic such as which outside server connect to the ip 76.10.20.22, it will translate to my PC, right?
am my concept right?
for the above problem, any other good suggestion,
thanks very much
Charles
03-14-2011 10:57 AM
static (inside,outside) 76.10.20.22 192.168.0.100 netmask 255.255.255.255 will nat local ip 192.168.0.100 to public ip 76.10.20.22
Also this static nat will automatically exempt your dynamic pool .So you will be using the souce ip 76.10.20.22 when connecting to the outside server.
And with your config. I dont see any problem . But make sure about your ACL and the access is given for telnet to 203.1.1.4:7234.
Also just clear xlate before trying to telnet the remote ip
Regards
haris
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide