Cisco Systems Cisco PIX 515: Map virtual ip to real one
Bookmark this page:  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
Cisco PIX 515: Map virtual ip to real one alessio.pompigna 09-01-06
Posted by on September 1, 2006, 4:31 pm
Please log in for more thread options
Hello,

we have a PIX515 with two eth interfaces, inside on network
192.168.9.0/24 and outside on 10.10.24.0/24.
We need users on inside to reach an internet proxy on outside with ip
address 10.10.24.50, and would like that the users could point to a
virtual ip on their network, such as 192.168.9.3. We should have
something like the following

inside --> 192.168.9.3 -NAT to 10.10.24.50 --> outside

Could you please help?

Thanks,
A.


Posted by Ivo Mangiavacchi on September 1, 2006, 5:57 pm
Please log in for more thread options

> inside --> 192.168.9.3 -NAT to 10.10.24.50 --> outside

static(inside, outside) 10.10.24.50 192.168.9.3 netmask 255.255.255.255

Cheers

--
http://www.mangiavacchi.eu


Posted by Walter Roberson on September 2, 2006, 4:41 pm
Please log in for more thread options

>we have a PIX515 with two eth interfaces, inside on network
>192.168.9.0/24 and outside on 10.10.24.0/24.
>We need users on inside to reach an internet proxy on outside with ip
>address 10.10.24.50, and would like that the users could point to a
>virtual ip on their network, such as 192.168.9.3. We should have
>something like the following

>inside --> 192.168.9.3 -NAT to 10.10.24.50 --> outside

If I understand you correctly, you want people to be able to
address 192.168.9.3 but have that end up going to 10.10.24.50.

If so, then the other poster's reply of

static (inside,outside) 10.10.24.50 192.168.9.3 netmask 255.255.255.255

will NOT work. That command would take incoming packets
with a *destination* address of 10.10.24.50 and send them to
internal destination 192.168.9.3, which isn't what you want.

What you need is PIX 6.1 or later, and

static (outside,inside) 192.168.9.3 10.10.24.50 netmask 255.255.255.255

This command would take outgoing packets with destination
192.168.9.3 and send them on to outside destination 10.10.24.50 .

Similar ThreadsPosted
Cisco PIX 515: Map virtual ip to real one September 1, 2006, 4:31 pm
enabling/dissabling ip multicast traffic in real time on a Cisco router using windows script July 23, 2005, 9:10 pm
Cisco 871 : NAT virtual interface May 16, 2006, 7:57 am
Virtual Labs for Cisco Certification February 15, 2007, 5:49 pm
Cisco VPN Client and Virtual machines February 14, 2008, 1:32 pm
Cisco hardware in an vmware ESX virtual server environment March 29, 2006, 12:05 pm
Cisco 2800 - Multiple VPNs Using Virtual-Template December 7, 2006, 7:20 am
Establishing CISCO VPN Client Conneciton from a Virtual PC 2007 Instance December 21, 2007, 10:55 am
cisco VPN ipsec tunnel virtual interface operation detail question July 28, 2006, 2:57 pm
efficient use of real ips February 2, 2006, 8:48 am
using translate as a REAL end-to-end x25 to tcp gateway? February 1, 2006, 9:04 am
Show real ip in ASA5520 log November 26, 2008, 7:45 am
2 PIX Same COnfig, though 1 not connected to 'real' outside? Does not work? March 23, 2006, 10:27 am
Ideas on showing real IP address December 10, 2007, 2:03 pm
Re: IS PROTOCOL IS-IS REALY USED IN REAL WORLD? July 1, 2009, 6:32 pm
Residential Cabling Guide

Home Cabling Guide

Finally, an instantly downloadable book that saves you thousands in home improvement dollars! Enjoy living in 21st century technology-advanced home while increasing its selling value and competitive advantage on the real estate market. Whether your cabling is for home office or high-tech leisure, you can wire your home yourself or learn "wirish" to speak with your cabling contractors in their language!

Learn More