Change this:
  ip nat inside source static tcp 192.168.1.30 80 200.10.15.189 80 extendable
to something like:
  ip nat inside source static tcp 192.168.0.30 80 200.10.15.189 80 extendable

- The inside from the 827's perspective needs to be something in the
  192.168.0.x address space.

And change this:
  static (inside,outside) 200.10.15.189 webserver
to something like:
  static (inside,outside) 192.168.0.30 webserver

- From the PIX's perspective, the outside address of the webserver is going
  to be something in the 192.168.0.x range, just as from the 827's
  perspective, 192.168.0.x is the inside range.

HTH,
Kent

On Thu, 2003-02-20 at 20:33, dlci_16 wrote:
> Hello networkers,
>
> I am trying to "conjure up" a working config for an ADSL link with static IPs
> for a 827 series router,
> these public IPs are supposed to point to, say a webserver, that sits behind
> a pix firewall
> (which is directly connected to 827 router's ethernet interface),
> problem is when I try to come up with a working config. I find myself
> getting into trouble.
> (The catch is, I need the webserver behind that pix.)
> Now this gets me using NAT twice to get a public IP from
> the internet through the router past the pix and into my webserver,
> I know it doesn't sound right and obviously does not work either ;),
> Any help/clue/criticisms are most welcome ;)
> Ok,
> What it looks like so far:
>
>
> [internet] ---->[router] ----->[pix] --------->[lan/webserver]
> [827series]----->[506E]------->[lan/webserver]
>
>
> IP addresses:
> For internet access I have 200.10.10.136 mask 255.255.255.0
> Public IPs: 200.10.15.184 255.255.255.248 (for example)
> Public IP for my webserver is 200.10.15.189
>
>
> Router 827:
> ----------
>
> !
> int eth0
>  ip address 192.168.0.200 255.255.255.0
>  ip nat inside
> !
> int atm0
>  no ip address
>  dsl operating-mode auto
> !
> int atm0.1 point-to-point
>  no ip address
>  pvc 0/35
>   pppoe-client dial-pool-number 1
> !
> int dialer1
>  ip address 200.10.10.136 255.255.255.0
>  ip nat outside
>  dialer pool 1
> !
> ip nat inside source list 1 interface dialer1 overload
> ip nat inside source static tcp 192.168.1.30 80 200.10.15.189 80 extendable
> access-list 1 permit 192.168.0.0 0.0.0.255
> !
> ip route 0.0.0.0 0.0.0.0 interface dialer1
> !
>
>
> PIX 506E:
> ---------
>
> !
> nameif eth0 outside security0
> nameif eth1 inside security100
> !
> ip address outside 192.168.0.201 255.255.255.0
> ip address inside 192.168.1.21 255.255.255.0
> !
> route outside 0.0.0.0 0.0.0.0 192.168.0.200 1
> !
> global (outside) 1 192.168.0.202-192.168.0.248
> nat (inside) 1 192.168.0.0 255.255.255.0
> !
> name 192.168.1.30 webserver
> !
> static (inside,outside) 200.10.15.189 webserver
> !
> access-list acl_out permit tcp any host 200.10.15.189 eq 80
> !
> access-group acl_out in interface outside
> !
>
> --------
> Maybe I am going about this the wrong way,
> maybe there is still hope just by tweaking my static nat translation at the
> router.
> If you have reached this far, thank you for your time and effort.
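
Added example, not part of the thread or of either poster's configuration: a small Python model that traces an inbound request to 200.10.15.189:80 through the 827's static NAT, the PIX's acl_out and the PIX's static, for the posted config and for the two-line change suggested in the reply. The function and variable names are hypothetical, and the model assumes that the 827 can only deliver to its connected 192.168.0.0/24 segment and that the PIX matches acl_out against the destination address the packet carries on the outside interface; under that assumption the acl_out entry also has to name 192.168.0.30.

```python
import ipaddress

# Constructed model; addresses are the ones posted in the thread.
ROUTER_LAN = ipaddress.ip_network("192.168.0.0/24")  # 827 eth0 / PIX outside segment
WEB = "192.168.1.30"                                  # real web server behind the PIX
PUBLIC = ("200.10.15.189", 80)                        # public IP/port for the web server


def trace(router_static, pix_static, pix_acl, dst=PUBLIC):
    """Trace an inbound TCP packet; return (final_ip or None, reason).

    router_static: {(global_ip, port): (local_ip, port)}  827 'ip nat inside source static'
    pix_static:    {outside_visible_ip: real_ip}          PIX 'static (inside,outside)'
    pix_acl:       {(ip, port)} permitted by acl_out on the PIX outside interface
    """
    # 827: static NAT rewrites the public destination.
    if dst not in router_static:
        return None, "827: no static translation"
    ip, port = router_static[dst]
    # 827: only 192.168.0.0/24 is connected; any other destination
    # follows the default route back out dialer1.
    if ipaddress.ip_address(ip) not in ROUTER_LAN:
        return None, "827: translated address not on eth0 segment"
    # PIX (assumption): acl_out is checked against the address seen on the outside.
    if (ip, port) not in pix_acl:
        return None, "PIX: denied by acl_out"
    # PIX: static maps the outside-visible address to the real host.
    if ip not in pix_static:
        return None, "PIX: no static for destination"
    return pix_static[ip], "delivered"


def scenarios():
    """Posted config, suggested NAT lines only, suggested NAT lines plus ACL."""
    mid = "192.168.0.30"  # intermediate address proposed in the reply
    posted = trace({PUBLIC: (WEB, 80)}, {"200.10.15.189": WEB}, {PUBLIC})
    nat_only = trace({PUBLIC: (mid, 80)}, {mid: WEB}, {PUBLIC})
    nat_and_acl = trace({PUBLIC: (mid, 80)}, {mid: WEB}, {(mid, 80)})
    return posted, nat_only, nat_and_acl


if __name__ == "__main__":
    labels = ("posted config", "suggested NAT, old ACL", "suggested NAT + ACL")
    for label, result in zip(labels, scenarios()):
        print(f"{label:24} -> {result}")
```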