NATting from outside to inside

Hi all,

A customer of ours is having the strangest setup. They have 2 firewalls connecting to the internet. We control only one of them. The other one is the main default gateway for their network.
A few servers use the firewall we control as default gateway (don't ask me why).
Now we need to publish  IP's from servers who's default gateway is pointing to the other firewall

This is what I had but it didn't work:

static (inside,outside) tcp CUSTOMERIP 3200 10.10.10.250 3200 netmask 255.255.255.255
static (inside,outside) tcp CUSTOMERIP 3201 10.10.10.253 3200 netmask 255.255.255.255

access-list outside permit tcp host OURIP host CUSTOMERIP eq 3200
access-list outside permit tcp host OURIP CUSTOMERIP eq 3201

access-list cust_nat permit tcp host OURIP host CUSTOMERIP eq 3200
access-list cust_nat permit tcp host OURIP CUSTOMERIP eq 3201

nat (outside) 2 access-list cust_nat
global (inside) 2 interface


What am I doing wrong?
o-tvw-eeAsked:
Who is Participating?
 
clearacidConnect With a Mentor Commented:
Try getting rid of the static NAT tcp translation.

static (inside,outside) CUSTOMERIP 10.10.10.250 3200 netmask 255.255.255.255
static (inside,outside) CUSTOMERIP 10.10.10.253 3200 netmask 255.255.255.255

That way - just the translation is being set in this one and you are controlling TCP access on  your access-lists.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.