
Static NAT

Status
Not open for further replies.

deadcat1

MIS
Oct 13, 2003
3
US
Hi,

I am trying to create a static NAT from my internal network to an external router so I can telnet to an internal address and get to my external router. My PIX has an internal interface of 10.160.144.4/24 and shares an external network with our internet router. I want to be able to telnet to an internal address of 10.160.144.253 and have that redirected to the external router. I don't have an access list that allows that traffic yet, but I have a deny any any log on the inside interface of the PIX and am not seeing any hits. Here is the command I tried.
static (inside,outside) 12.160.x.x 10.160.144.253 netmask 255.255.255.255 0 0

Any help would be appreciated.

 
I think you have your thinking backwards. You use statics to let traffic from the outside in. You want to get out.
You must let other select traffic from the inside through your PIX. Why don't you just update that ACL and add telnet from the specific host to the router? (And on the router line vty, add an ACL permitting telnet from the external global address on the firewall.)

Brian
 
I could do that but in my situation I have some monitoring tools that are across a WAN that have a different internet connection and I want them to use the LAN instead of the internet to access internet devices on this side of the WAN. Ideally I want them to reference an internal address. The way it is being done on the other side of the WAN is using the alias command but that command is being phased out when using PDM. Is there a way to use NAT to do this?
 
Use nat 0

access-l acl-nat-disable permit tcp host inside-mgmt host router-interface eq 23
nat (inside) 0 access-l acl-nat-disable

That will 'leak' your inside address to the outside untranslated.
 