No NAT Question

[ronnetp]

I have a Cisco Pix Firewall 525
I am doing nat for 12 of all the public IPs I have,
But because of a software problem I need one server to use the same Public IP.
The server has two NICs I am thinking on One Network Card using the public IP, and on the other place the Internal network with our range 10.0.0.1 network IP.

If this posible not to use NAT, only for one of the public IPs?

 

[themut]

Yes you can do it... you need either of the two commands below:

nat (inside) 0 <nic-ip> 255.255.255.255

static (inside, outside) <nic-ip> <nic-ip> netmask 255.255.255.255

 

[ronnetp]

Thanks,

I did the changes and the static IP was assigned to Translation rules with the same IP for the outside and inside, but I dont get internet access.

I am putting that same IP on the Server NIC, but it is not able to get to the internet.

Any advice will be appreciated.

 

[themut]

A static translation takes precedence over dynamic NAT rules so if you configure a static translation to itself then you get locked out of the Internet unless you assign a public IP address. What you need is a nat (inside) 0 ... statement with an access list or you may also configured policy NAT but you need to run 6.3(3) on your PIX for policy NAT. Take a look at the links below:

http://www.cisco.com/en/US/products...oducts_tech_note09186a0080094aad.shtml#topic8

http://www.cisco.com/en/US/products...on_guide_chapter09186a0080172786.html#1113601