Solved

NATting from outside to inside

Posted on 2008-06-20
1
334 Views
Last Modified: 2008-09-25
Hi all,

A customer of ours is having the strangest setup. They have 2 firewalls connecting to the internet. We control only one of them. The other one is the main default gateway for their network.
A few servers use the firewall we control as default gateway (don't ask me why).
Now we need to publish  IP's from servers who's default gateway is pointing to the other firewall

This is what I had but it didn't work:

static (inside,outside) tcp CUSTOMERIP 3200 10.10.10.250 3200 netmask 255.255.255.255
static (inside,outside) tcp CUSTOMERIP 3201 10.10.10.253 3200 netmask 255.255.255.255

access-list outside permit tcp host OURIP host CUSTOMERIP eq 3200
access-list outside permit tcp host OURIP CUSTOMERIP eq 3201

access-list cust_nat permit tcp host OURIP host CUSTOMERIP eq 3200
access-list cust_nat permit tcp host OURIP CUSTOMERIP eq 3201

nat (outside) 2 access-list cust_nat
global (inside) 2 interface


What am I doing wrong?
0
Comment
Question by:o-tvw-ee
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 6

Accepted Solution

by:
clearacid earned 500 total points
ID: 21831795
Try getting rid of the static NAT tcp translation.

static (inside,outside) CUSTOMERIP 10.10.10.250 3200 netmask 255.255.255.255
static (inside,outside) CUSTOMERIP 10.10.10.253 3200 netmask 255.255.255.255

That way - just the translation is being set in this one and you are controlling TCP access on  your access-lists.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Configuring WAN interface on Cisco ASA5525 3 37
VOIP gateways - feedback 23 73
Microwave IP VPN or Wireless Bridging 26 55
Cisco Nexus 5 13
Cisco Pix/ASA hairpinning The term, hairpinning, comes from the fact that the traffic comes from one source into a router or similar device, makes a U-turn, and goes back the same way it came. Visualize this and you will see something that looks …
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question