[c-nsp] PIX xlate/nat question
Burton Windle
bwindle at fint.org
Fri Jun 10 16:23:44 EDT 2005
I have a PIX, running 6.2(3), configured like this:

internet <--> 2620 router <--> Pix <--> switch <--> netflow server

I am trying to figure out a way to allow my 2620 to export netflow data to
the netflow server (10.5.1.34) by using the netflow server's internal IP
(due to a shortage of external IPs), and yet still NAT outgoing
connections from the netflow server.

I had a static entry in my PIX's config that allowed netflow data from my
2620 to reach the netflow server; however, any data sent from the netflow
server out to the 'net wasn't being NAT'ed (and thus was being
blocked by my border router's bogon ACL).

The static entry I had was:

static (inside,outside) 10.5.1.34 10.5.1.34 netmask 255.255.255.255 0 0

After I removed the above static line, it was getting NAT'ed correctly, but
of course, the 2620 couldn't talk inward anymore.

Is what I'm wanting to do possible: have one device outside the PIX talk
to an internal device by its internal IP, but have outgoing traffic from
that internal device still be NAT'ed properly?

--
Burton Windle bwindle at fint.org