Help NAT

Hi all

I'm back on the PIX/FWSM. I'm trying to change our NAT/PAT statements for the inside so that all Internet traffic to port 80 or 443 uses PAT and all other traffic uses dynamic NAT.

I have read a few docs and it looks like I can use policy NAT, but I can't quite work out all the configuration steps.

Currently all traffic from inside 10.x.x.x gets a dynamic NAT range of x.x.116.31 - x.x.116.251 and one PAT address, x.x.117.251. But I would like the PAT address x.x.117.251 to be used for port 80/443 and other traffic to use dynamic NAT.

Is this possible using policy NAT?

Thank you

Hello.. Yes, you can definitely do it...

For web access:

nat (inside) 1 access-list Web_Outbound

global (outside) 1 x.x.117.251 netmask 255.255.255.255

access-list Web_Outbound permit tcp any any eq 443

access-list Web_Outbound permit tcp any any eq 80

For everything else:

nat (inside) 10 access-list All_Outbound

global (outside) 10 x.x.116.31-x.x.116.251 netmask 255.255.255.255

access-list All_Outbound permit ip any any

NOTE: the NAT ID you use for dynamic PAT (i.e. 10) must be higher than the one used for PAT (1). That way the NAT precedence will work according to your needs.

I hope that helps... Rate if it does!

Tags: Cisco Security
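
An added example, not part of the original thread or any Cisco tooling: a small Python model that parses the statements from the answer above and reports which global pool a given flow would use, so the rule ordering can be checked before it is deployed. The documentation addresses standing in for the masked x.x.116.x and x.x.117.251 values are constructed, and first-match evaluation in configuration order is an assumption of the model.

```python
import re

# Constructed sample config: the answer's statements with the masked
# x.x.116.31-x.x.116.251 pool and x.x.117.251 PAT address replaced by
# documentation addresses (198.51.100.x and 203.0.113.251).
CONFIG = """\
access-list Web_Outbound permit tcp any any eq 443
access-list Web_Outbound permit tcp any any eq 80
access-list All_Outbound permit ip any any
nat (inside) 1 access-list Web_Outbound
global (outside) 1 203.0.113.251 netmask 255.255.255.255
nat (inside) 10 access-list All_Outbound
global (outside) 10 198.51.100.31-198.51.100.251 netmask 255.255.255.255
"""

ACE = re.compile(r"access-list (\S+) permit (tcp|udp|ip) any any(?: eq (\d+))?$")
NAT = re.compile(r"nat \((\S+)\) (\d+) access-list (\S+)$")
GLOBAL = re.compile(r"global \((\S+)\) (\d+) (\S+) netmask \S+$")


def parse(config):
    """Return (acls, nat_rules, pools) from the subset of syntax used above."""
    acls, nats, pools = {}, [], {}
    for line in config.splitlines():
        line = line.strip()
        if m := ACE.match(line):
            port = int(m.group(3)) if m.group(3) else None
            acls.setdefault(m.group(1), []).append((m.group(2), port))
        elif m := NAT.match(line):
            nats.append((int(m.group(2)), m.group(3)))  # kept in config order
        elif m := GLOBAL.match(line):
            kind = "dynamic NAT" if "-" in m.group(3) else "PAT"
            pools[int(m.group(2))] = (kind, m.group(3))
    return acls, nats, pools


def ace_matches(ace, proto, dport):
    ace_proto, ace_port = ace
    return ace_proto in ("ip", proto) and ace_port in (None, dport)


def translate(config, proto, dport):
    """First matching policy-NAT statement wins (assumed evaluation order)."""
    acls, nats, pools = parse(config)
    for nat_id, acl in nats:
        if any(ace_matches(a, proto, dport) for a in acls.get(acl, [])):
            return (nat_id, *pools[nat_id])
    return None


def shadowed(config, probes):
    """NAT IDs that no probe flow ever selects, i.e. hidden by an earlier rule."""
    _, nats, _ = parse(config)
    hit = {translate(config, p, d)[0] for p, d in probes if translate(config, p, d)}
    return [nat_id for nat_id, _ in nats if nat_id not in hit]


PROBES = [("tcp", 80), ("tcp", 443), ("tcp", 25), ("udp", 53)]

if __name__ == "__main__":
    for proto, dport in PROBES:
        print(proto, dport, "->", translate(CONFIG, proto, dport))
    print("shadowed:", shadowed(CONFIG, PROBES))
```

Under the stated assumption, moving the All_Outbound statements above the Web_Outbound ones makes shadowed() report NAT ID 1, because the permit ip any any entry then catches web traffic first.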

Similar Questions

  • Please help: nat (inside) 0 0 0 and nat (inside) 0 access-list

    I have a problem with my PIX firewall.

    I don't want any NAT for traffic originating from the inside interface.

    When I give

    nat (inside) 0 access-list 80

    access-list 80 permit ip any any

    It works very well

    But when I tried

    nat (inside) 0 0 0

    It's not working for my IPsec clients

    According to my knowledge, PIX requires NAT to allow traffic from a higher-security interface to a lower-security interface. Can I use NAT 0 to get around the NAT?

    Help, please?

    Hello

    Identity NAT works with an access list, i.e. a nat 0 statement with an ACL... or you can specify the network... I don't know if you can put 0 0... I have not seen anyone do that...

    Refer to the NAT documentation for this command:

    http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/PIX/pix_sw/v_63/cmdref/Mr.htm#wp1161298

    As for the first config... that's right... the one with access list 80!

    REDA

  • Help, what did I miss?

    Hey, I'm a great player, and I just bought a new Alienware gaming computer, but... when I installed Flight Simulator X on it, it did not create a desktop icon. Not a big deal, right? I was wrong. Basically, I searched the entire system for the Flight Simulator X folder, and when I found it, all I had was a list of updates. Nothing with a startup file or a shortcut attached. I installed this game on my previous XP OS and it worked fine. But I am new to Vista and I'm stuck.

    Here are the things that I have tried:
    - Put the disc in to see if it has a start menu, which it does, but with only uninstall and repair in the game options.
    - Looked in the Start menu (search) for "Flight Simulator X", and all that I got is the file with the content of all my extension kit.
    - Went through the Control Panel to see if there was something like 'Add or Remove Programs' in the XP OS, but there was none.

    It's bumming me out. It's happened with several of my games, but those have all had an automatic boot menu when you play the disc. Does anyone know what I'm talking about? Or should I just throw out my new computer because Vista is anti-gaming?

    Thanks for the help,
    Nate E.

    -PS - I triple all the requirements for the game and it installed entirely without any problem. And since this is in fact a Microsoft game, it makes me crazy that I can't understand this: Microsoft game, Microsoft operating system... WHY DOES THIS WORK?!

    Hi tank patrol 1,

    Thank you for using the Microsoft Vista Answers Forum!

    In Flight Simulator there is a checkbox that asks if you want to add program shortcuts to your Start menu; maybe you missed it during the installation.

    Step 1: Go to Start, All Programs > Microsoft Games > Flight Simulator X > right-click the FSX icon and click 'Pin to Start Menu'.

    Step 2: You can make your own shortcut. Go to Start, All Programs > Microsoft Games > Flight Simulator X > right-click the fsx.exe file and choose Send to Desktop or Pin to Start Menu.

    If the above steps do not help, try to uninstall and then reinstall Flight Simulator X, and during installation please check the option, if you are prompted, to create a desktop icon and a Start menu shortcut.

    We look forward to hearing back from you. Regards, Vishal B., Microsoft Answers Support Engineer. Visit our Microsoft Answers Feedback Forum and let us know what you think.

  • help with NAT 3 type

    How can I change my NAT to type 3?

    I messed around on my secondary router and I googled a bunch with no luck; I saw that most people want help changing from 3 to 2.

    I know, I know, why would I want to change my NAT to type 3? Reasons, lol.

    Can someone help me? My routers are connected LAN to LAN. I have a Linksys EA4500 as a secondary router; I want the main router to stay type 2 so that my efforts do not interfere with my brother's games.

    Finally, I plugged the first 2 routers LAN to LAN and the third I hooked up LAN to WAN; problem solved.

  • Need HELP to change the NAT type to open on Linksys E2000.

    I was wondering if anyone could tell me how to change my NAT from moderate to open so I can play Xbox without any problems. The strange thing is that my NAT was open, but it changed to moderate; I recently bought the Linksys E2000 and it was open at first, but no more. Can anyone help me?

    Follow the settings mentioned below, then check.

    Open an Internet Explorer browser page on your wired computer (desktop). In the address bar type 192.168.1.1 and press ENTER...
    Leave the user name empty & for the password use admin in lowercase...
    On the Configuration tab change the size of the MTU to 1365, then click on save settings...
    Click the 'Administration' tab and disable the UPnP option and click on save settings...
    Click on the tab "Games and Applications" and then click the sub-tab "Port Range Forwarding"...
    (1) on the first line in the box, type Application in ABC, in the start box, type in 53 and type in 3074 service box, leave the Protocol as and under type 192.168.1.20 ip address and check the box to enable, click on save settings once it's been...
    (2) once you are back at the top of the page, click the Security tab, uncheck "block anonymous Internet requests" and click on save settings...
    (3) click on the status tab, and then note the DNS1 and DNS2 addresses...
    (4) go to the Xbox network settings, select manual IP settings and assign the following on your Xbox:
    IP address: 192.168.1.20, subnet mask: 255.255.255.0, default gateway: 192.168.1.1...
    (5) also assign the DNS addresses on the Xbox:
    use the DNS1 and DNS2 addresses you noted from the router's status tab as the primary & secondary DNS for the Xbox...
    (6) turn off your modem, router and Xbox... Wait a minute...
    (7) plug in the power to the modem first, wait a minute and plug in the router power cable, wait another minute and turn on the Xbox and... test that it connects...
    IP address: 192.168.X.[last part of your device's IP]; for example, if the static IP given to the unit is 192.168.X.10, take the last part and put it in the empty box.

  • E2000 + XBOX Live moderate NAT =... help please

    I know that this topic has been beaten like a dead horse, but I still need help. I followed these instructions and double-checked.

    On the Configuration tab change the size of the MTU to 1365, then click on save settings...
    Click the 'Administration' tab and disable the UPnP option and click on save settings...
    Click on the tab "Games and Applications" and then click the sub-tab "Port Range Forwarding"...
    (1) on the first line in the box, type Application in ABC, in the start box, type in 53 and type in 3074 service box, leave the Protocol as and under type 192.168.1.20 ip address and check the box to enable, click on save settings once it's been...
    (2) once you are back at the top of the page, click the Security tab, uncheck "block anonymous Internet requests" and click on save settings...
    (3) click on the status tab, and then note the DNS1 and DNS2 addresses...
    (4) go to the Xbox network settings, select manual IP settings and assign the following on your Xbox:
    IP address: 192.168.1.20, subnet mask: 255.255.255.0, default gateway: 192.168.1.1...
    (5) also assign the DNS addresses on the Xbox:
    use the DNS1 and DNS2 addresses you noted from the router's status tab as the primary & secondary DNS for the Xbox...
    (6) turn off your modem, router and Xbox... Wait a minute...
    (7) plug in the power to the modem first, wait a minute and plug in the router power cable, wait another minute and turn on the Xbox and... test that it connects...

    The Xbox has connected, but I always get a moderate NAT and I'm not sure why. The Xbox is suggesting I open UPnP... but maybe that's just a generic solution.

    Any suggestions?

    Thank you!

    You have a few options.

    1. Use a bridge instead of a router.

    2. Ask Comcast to allow you to use a residential modem instead of the SMC.

    3. Use the DMZ setting on the gateway firewall for the router.

    4. My personal favorite: ask ComcastLarry to set bridge mode for you so that the E2000 works as the router. For this option, look at the 37th post

  • Help E1200 NAT!

    I opened my NAT for Xbox using port triggering, but I can't open my NAT for the PC because it uses no ports!

    I can't host a game in any MMO game, and I can't host any MW3/Black Ops matches either!

    Any help please!

    And thank you!

    You can try to open the ports that are used by these games.

    Go to these games' support sites and search for the port numbers used by these games.

    Assign a static IP address to your PC. Forward the port numbers to the IP address of your PC.

  • I have nat type 3 on my ps3 help

    Hi, I'm new to the Ant

    I have a PS3 and I got a WRT54G2 router with firmware 1.0.04, which has NAT type 3, and I was wondering if someone can help me set up my router for NAT type 2, like a vid or something please, and thank you for your support.

    Follow this procedure to configure your router. This procedure to set up the PS3. Follow the steps carefully. Resetting the router to defaults and configuring it from scratch might help.

  • E1000 plus PS3 NAT Type 3 Help is

    I know this has been asked before, but nothing seems to work for me. My story is:

    I had a WRT150N with a modem in bridge mode and had NAT Type 2 while playing the PS3. The router crashed and I got an E1000 in its place; it came with the basic installation CD, so I ran that. Then I was getting NAT Type 3. So I called Linksys and AT&T and they could not help me; we opened the ports that PlayStation gave me, made sure that UPnP is enabled and tried everything they could think of to open my NAT type. But nothing worked, so if anyone knows anything I could do, please let me know. It's just hard to believe that it's my PlayStation when I got NAT Type 2 before my old router crashed. I'll provide any screenshots that you need. I can't bear to have this NAT type because it messes with my online game.

    Thanks for the help,

    Grant

    Have you set up PPPoE on the new router and switched your modem to bridge mode?

  • NAT Type help

    Hello, I have a Linksys WRT310N version 1.0 router and I'm trying to get an open NAT for my PS3. I set up a static IP address for it and I've set up port forwarding for the ports; I tried to put the PS3 in the DMZ and nothing works. The only thing I've found to work is to reboot the router, then I get an open NAT type. I'm getting frustrated with this router, someone please help

    Weird... I'm sure that you know what you are doing, and opening ports for a device is not that hard, so I still stand by my advice, which is for you to get a new router. Or if you want, you can find a good router (wired or wireless) and use the WRT310N as a switch/AP.

    The fact that it works for you after the reset of the router really makes me think that you have encountered the same problem that I did.

  • I need help, open my NAT for an xbox 360 on a WRT160N v3

    Hey guys. I just got a new WRT160N v3 and I need help opening the NAT. I used to have the WRT160N v2 but I replaced it. So can you guys please help me? Thank you

    Okay, I found the solution myself. Here's what you do:

    Open a web browser and type your default gateway, which is usually 192.168.1.1

    After you do this, log in: the user name is admin and the password is also admin. Once you are logged in, go to Applications and Gaming and go to the subcategory "Port Range Forwarding."

    For the first, set the application to Xbox1; for the start and the end, the port numbers are 88. The protocol is Both and the IP address must end in 120.

    For the second, set the application to Xbox2; for the start and the end, the port numbers are 3074. The protocol is Both and the IP address must end in 120.

    For the third, set the application to Xbox3; for the start and the end, the port numbers are 53. The protocol is Both and the IP address must end in 120.

    For the fourth, set the application to Xbox4; for the start and the end, the port numbers are 80. The protocol is Both and the IP address must end in 120.

    Save the settings and once you go back to the setup page, make your MTU size 1364. Save the settings and then go to Security and uncheck "filter anonymous Internet requests". Save the settings.

    Go to the Administration tab, and then make sure that UPnP is enabled. If it is not, turn it on and save the settings.

    Turn off your router and the modem. Wait a minute and plug in the modem first. Once it starts up, plug in the router and your NAT should be open for Xbox Live.

  • Help setting Nat MW2

    I am completely new to wireless internet, but in any case, my problem is that I do not know how to configure my router to open the NAT; I don't know what it is. The problem is with Modern Warfare 2 and its 'strict' NAT setting. I don't know what to do to open the NAT so I can join more servers. It may have been answered before but I need help.

    My router is.  WRT160N

    Thanks Wizard which worked very well.

  • Need help to understand policy static with no NAT.

    Hi all

    I have a PIX 515E with 6 interfaces. 5 interfaces are considered internal, and we don't want any NAT translation to occur between them. We only want NAT between those 5 and the external interface.

    I successfully created a No_Nat ACL to handle the no-NAT portion.

    What I have trouble understanding is the static command to allow traffic from higher security levels to lower levels and vice versa.

    I understand the

    static (inside,outside) inside_address outside_address

    for the NAT translation part.

    What I do not understand is, when the inside address and the outside address are the same, what order they go in. For example, my inside interface (192.168.1.0/24) (sec100) is where the servers live, and I have another interface named accounting (192.168.2.0/24) (sec75).

    If I don't want any NAT to occur between these two, I have the following

    access-list No_Nat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

    access-list No_Nat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

    nat (inside) 0 access-list No_Nat

    nat (accounting) 0 access-list No_Nat

    Now how do I enter the static command?

    Maybe

    static (inside, accounting) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

    or

    static (inside, accounting) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

    or

    static (accounting, inside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

    or

    static (accounting, inside) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

    I do not understand the order for it and why one would be used versus the other. Does the security level determine the order? Do I need two static commands, one for each direction?

    Thank you

    Denny

    Hello Denny

    A static can be defined either way... it's only the traffic that determines which... for example, if the accounting DMZ accesses a server on your inside interface, you normally want the accounting servers to see the inside server on its original IP... so you will end up with a static like

    static (inside, accounting) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

    Only the above static command is sufficient to establish connectivity between inside and the accounting DMZ. You don't need 2 statics in any sense...

    Similarly, if you want inside users to access a server on the accounting DMZ, you can write a static like

    static (accounting, inside) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

    Hope you understand. Let us know if you need help... but normally a nat 0 statement is more than enough for inside/DMZ communication

    Kind regards

    REDA

  • NAT router 1841 and 3550 switch help

    Hi experts, I need some help with setting up a network.  Network diagram is attached.

    I created 3 VLANs on the 3550 switch and activated inter-VLAN routing. I can't do a ping from one VLAN to another. I've added static routes to the VLAN networks on the router. The only part I'm not sure about is where and how to configure NAT. For example, if it was just a standalone Cisco 1841 router I would just create an access list and NAT with FA 0/0 as outside and FA 0/1 as inside. It would be great if someone could give me an example or point me in the right direction.

    ISP router --> Cisco 1841 --> Cisco 3550 switch

    Cisco 1841 router:

    FA 0/0 --> WAN interface

    IP address: 30.20.10.2

    FA 0/1 --> LAN interface connected to the 3550 switch

    IP address: 10.0.0.1/24

    Cisco 3550 switch:

    FA 0/24 --> connects to the Cisco 1841 router

    IP address --> 10.0.0.2/24

    FA 0/1 - 0/10 --> VLAN 1

    FA 0/11 - 0/20 --> VLAN 2

    FA 0/21 - 0/23 --> VLAN 3

    Thank you

    Hello, it's the same thing, but in your access list you need to allow all of your internal address ranges. On your router and 3550, make sure all routing is OK; you say you have connectivity.

    This means that your 10 network should be able to get to your 192 networks and vice versa.

    On your 3550, you can have a default route to the router. And your router should have routes to the 192 networks via the 10 address of the 3550.

    Then the NAT configuration

    int fa0/1
    ip nat inside

    int fa0/0
    ip nat outside

    ip access-list standard MYNAT
    permit 10.0.0.0 0.0.0.255
    permit 192.168.1.0 0.0.0.255
    permit 192.168.2.0 0.0.0.255
    permit 192.168.3.0 0.0.0.255

    And then in your NAT statement

    ip nat inside source list MYNAT interface fa0/0 overload

    Hope this helps

    Sent from Cisco Technical Support iPhone App

  • IOS - help with VPN IPsec L2L with NAT

    Hello guys

    I have been trying to get VPN to work for a specific scenario where I do NAT for the VPN traffic to avoid overlapping subnets.

    I found several guides on cisco.com, but none of the ones I found show overload NAT (for internet traffic), which I need for my setup.

    http://www.Cisco.com/en/us/Tech/tk583/TK372/technologies_configuration_example09186a00800b07ed.shtml

    http://www.Cisco.com/en/us/products/ps5855/products_configuration_example09186a0080a0ece4.shtml

    Basically, I need to know what the configuration looks like when you do static NAT in a VPN tunnel as well as provide internet connectivity using NAT on the same router.

    I have attached a drawing that should better explain my needs.

    Does anyone know of a guide that shows how to do this?

    Best regards

    Jesper

    You can use a static policy NAT to NAT the traffic:

    access-list 101 permit ip 10.0.0.0 0.0.0.255 10.30.10.0 0.0.0.255

    access-list 102 deny ip 10.0.0.0 0.0.0.255 10.30.10.0 0.0.0.255

    access-list 102 permit ip 10.0.0.0 0.0.0.255 any

    route-map policy-NAT permit 10

    match ip address 101

    route-map internet-NAT permit 10

    match ip address 102

    ip nat inside source static network 10.0.0.0 10.30.10.0 /24 route-map policy-NAT

    ip nat inside source route-map internet-NAT interface overload

    Hope that helps.

