Cisco PIX 515: Map virtual ip to real one

Discussion in 'Cisco' started by alessio.pompigna@gmail.com, Sep 1, 2006.

  1. Guest

    Hello,

    we have a PIX515 with two eth interfaces, inside on network
    192.168.9.0/24 and outside on 10.10.24.0/24.
    We need users on inside to reach an internet proxy on outside with ip
    address 10.10.24.50, and would like that the users could point to a
    virtual ip on their network, such as 192.168.9.3. We should have
    something like the following

    inside --> 192.168.9.3 -NAT to 10.10.24.50 --> outside

    Could you please help?

    Thanks,
    A.
    , Sep 1, 2006
    #1
    1. Advertising


  2. > inside --> 192.168.9.3 -NAT to 10.10.24.50 --> outside


    static(inside, outside) 10.10.24.50 192.168.9.3 netmask 255.255.255.255

    Cheers

    --
    http://www.mangiavacchi.eu
    Ivo Mangiavacchi, Sep 1, 2006
    #2
    1. Advertising

  3. In article <>,
    <> wrote:

    >we have a PIX515 with two eth interfaces, inside on network
    >192.168.9.0/24 and outside on 10.10.24.0/24.
    >We need users on inside to reach an internet proxy on outside with ip
    >address 10.10.24.50, and would like that the users could point to a
    >virtual ip on their network, such as 192.168.9.3. We should have
    >something like the following


    >inside --> 192.168.9.3 -NAT to 10.10.24.50 --> outside


    If I understand you correctly, you want people to be able to
    address 192.168.9.3 but have that end up going to 10.10.24.50.

    If so, then the other poster's reply of

    static (inside,outside) 10.10.24.50 192.168.9.3 netmask 255.255.255.255

    will NOT work. That command would take incoming packets
    with a *destination* address of 10.10.24.50 and send them to
    internal destination 192.168.9.3, which isn't what you want.

    What you need is PIX 6.1 or later, and

    static (outside,inside) 192.168.9.3 10.10.24.50 netmask 255.255.255.255

    This command would take outgoing packets with destination
    192.168.9.3 and send them on to outside destination 10.10.24.50 .
    Walter Roberson, Sep 2, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. TechGuy
    Replies:
    2
    Views:
    2,265
  2. Scott Townsend
    Replies:
    8
    Views:
    674
    Roman Nakhmanson
    Feb 22, 2006
  3. Stephen M
    Replies:
    1
    Views:
    628
    mcaissie
    Nov 14, 2006
  4. Scott Townsend
    Replies:
    1
    Views:
    397
    Walter Roberson
    Jan 23, 2007
  5. Geoffrey Sinclair

    Policy map using policy map

    Geoffrey Sinclair, Jul 27, 2009, in forum: Cisco
    Replies:
    1
    Views:
    503
    bod43
    Jul 27, 2009
Loading...

Share This Page