Solved

NATting from outside to inside

Posted on 2008-06-20
Last Modified: 2008-09-25
Hi all,

A customer of ours is having the strangest setup. They have 2 firewalls connecting to the internet. We control only one of them. The other one is the main default gateway for their network.
A few servers use the firewall we control as default gateway (don't ask me why).
Now we need to publish IPs from servers whose default gateway is pointing to the other firewall.

This is what I had but it didn't work:

static (inside,outside) tcp CUSTOMERIP 3200 10.10.10.250 3200 netmask 255.255.255.255
static (inside,outside) tcp CUSTOMERIP 3201 10.10.10.253 3200 netmask 255.255.255.255

access-list outside permit tcp host OURIP host CUSTOMERIP eq 3200
access-list outside permit tcp host OURIP CUSTOMERIP eq 3201

access-list cust_nat permit tcp host OURIP host CUSTOMERIP eq 3200
access-list cust_nat permit tcp host OURIP CUSTOMERIP eq 3201

nat (outside) 2 access-list cust_nat
global (inside) 2 interface


What am I doing wrong?
Question by:o-tvw-ee

Accepted Solution

by:
clearacid earned 500 total points
ID: 21831795
Try getting rid of the static NAT tcp translation.

static (inside,outside) CUSTOMERIP 10.10.10.250 3200 netmask 255.255.255.255
static (inside,outside) CUSTOMERIP 10.10.10.253 3200 netmask 255.255.255.255

That way, just the translation is being set in this one and you are controlling TCP access on your access-lists.