My Cisco PIX 501 OS version 6.2(2) is ip outside X.242 and inside 10.0.0.254. I want to forward traffic to X.242 (the PIX itself) Port 80 to an internal server (Historical reasons). I’ve use the following config and everything words fine. Everybody can connect to the Internet and the Internet can use the port forward. But the internal people cannot connect to the port forward.
From inside the following does NOT work: “telnet 196.X.X.242 80”
Extract of my config:
ip address outside 196.X.X.242 255.255.255.248
ip address inside 10.0.0.254 255.255.255.0
access-list 100 permit ip 10.0.0.0 255.0.0.0 any
access-group 100 in interface inside
access-list 101 permit icmp any any
access-list 101 permit tcp any host 196.X.X.242 eq www
access-group 101 in interface outside
global (outside) 1 interface
nat (inside) 1 10.0.0.0 255.255.255.0 0 0
static (inside,outside) tcp 196.X.X.242 80 10.0.0.10 80 netmask 255.255.255.255 0 0
route outside 0.0.0.0 0.0.0.0 196.X.X.241 1
I think the PIX do not do the NAT for internal IP, to the port forward. Does anybody have any tips?