Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
613
Views
0
Helpful
1
Replies

Destination NAT

paulowenkirk
Frequent Visitor
Frequent Visitor

‎03-08-2006 02:21 AM

Hi

we have a firewall that was obviously installed the incorrect way around (security level wise) which is give us nightmares on the NAT.

Would there be a reason what when implementing (inside) to (outside) destination nat, case of just reversing the normal static command it would fail with the error

Feb 27 11:37:48 pix Feb 27 2006 11:37:48 : %PIX-3-305006: portmap translation creation failed for tcp src inside:12.2.2.1/43082 dst Int-G:10.0.1.1/22

To overcome the problem I had to do a normal source nat as well using the firewall Int-G interface.

Anyone know why this would have to be done or have a good nat document that explains the workings of nat, going a little further than the normal stuff int the books.

thanks

Paul

Labels:
0 Helpful
1 Reply 1

ebreniz
Level 11
Level 11

‎03-14-2006 07:17 AM

The static command is for allowing traffic from outside to inside and not from inside to outside.

Some of the NAT configurations on PIX is shown here:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/bafwcfg.htm#wp1113519

0 Helpful
Customers Also Viewed These Support Documents