static nat and dynamic at pix 501

Discussion in 'Cisco' started by kfirs Sayag, Dec 10, 2003.

  1. kfirs Sayag

    kfirs Sayag Guest

    Hi ....

    well I have a problem using nat on pix 501.
    I have dynamic ip address using rj-45 to the pix (public) from my isp.

    I have one computer with static ip address and i want that computer will use
    static nat.
    the other computer will access the internet using dynamic Nat.

    (i am using the web interface .....)
    when i configure dynamic nat for all my network ,all the computers have
    access.
    when i add static nat (interface ip to 10.0.0.1) the static is working but
    the dynamic isnt working at all..
    the static nat alone is working too...but together ....no luck so far....

    can anyone help?
     
    kfirs Sayag, Dec 10, 2003
    #1

    1. Advertisements

  2. kfirs Sayag

    Walter Roberson Guest

    :well I have a problem using nat on pix 501.
    :I have dynamic ip address using rj-45 to the pix (public) from my isp.

    :I have one computer with static ip address and i want that computer will use
    :static nat.
    :the other computer will access the internet using dynamic Nat.

    Do I understand correctly that you have one static public IP address
    that you want to map to an inside computer, and that you also have
    a dynamic public IP address being assigned to the outside interface?
    That would be possible but a bit tricky.

    If you only have the one single dynamically allocated public IP address,
    then you cannot do what you want. Static nat reserves all the ports:
    port #43283 on the outside interface has to correspond to port #43283
    for the inside computer being mapped to. Lather, rinse, repeat,
    and you can see that after doing a static mapping to the outside
    address, the outside has no ports available to dynamically allocate
    to those other computers.

    What you can do is use static PAT, in which only a few ports
    are mapped through to the inside computer. I do not know how to
    do that in PDM. It would be a CLI configuration line such as

    static (inside, outside) tcp interface smtp host 10.11.12.13 smtp 0 0
     
    Walter Roberson, Dec 10, 2003
    #2

    1. Advertisements

  3. kfirs Sayag

    Walter Roberson Guest

    :What you can do is use static PAT, in which only a few ports
    :are mapped through to the inside computer. I do not know how to
    :do that in PDM. It would be a CLI configuration line such as

    :static (inside, outside) tcp interface smtp host 10.11.12.13 smtp 0 0

    Opps, that should be

    static (inside, outside) tcp interface smtp 10.11.12.13 smtp netmask 255.255.255.255 0 0
     
    Walter Roberson, Dec 10, 2003
    #3

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. IPSec - Lan to Lan - Nat routers - 1 Static and 1 Dynamic ip

  2. VPN between 2 Cisco routers (1 static, 1 dynamic) with access from stat --> dynamic over ISDN

  3. Can't get Access-List to work with 2514 using Dynamic and Static NAT

  4. PAT and Static NAT on a PIX 501

  5. acl+Static nat+Dynamic Nat

  6. Dynamic to Static PIX to PIX VPN

  7. ICMP issue :: Static NAT and Dynamic PAT on PIX

  8. Dynamic and static NAT

Loading...