[sebastan_bach]

hi am i am having NGXR65 and i have configured manual static nat .

i have a policy permitting telnet traffic from any to the static nat address.

in my global properties i have enabled manual nat rules
translate destination on client side.

my internal host is 10.1.1.254 and my static nat address is 60.1.1.1.
my external host is 1.1.1.2 and firewall internal interface
firewall internal interface ip address is 10.1.1.100
firewall external interface ip address is 1.1.1.1

both the internal host and the external host are cisco routers. .

on firewall i have a default route pointing to the external host.

here;s are my nat rules.

rule 1

in the original packet
source inside-host(10.1.1.254) destination any service any

in the translated packet
source static-host(60.1.1.1) destination any service any

rule2

in the translated packet
destination statichost(60.1.1.1) source any service any

in the original packet
destination insidehost(10.1.1.254) source any service any

in the global properties nat page i have enabled i manual nat rules
translate destination on client side.

in the security rulebase i have added a rule to permit any to static-host telnet.

on the outside router i am having a route for 60.1.1.1 pointing to the external interface of the firewall.

i guess with these routes and since the static nat address is not in the same subnet of the external interface of the firewall i will not be needing any proxy arp entries on the firewall right.

cause when the cisco router does a AND operation for 60.1.1.1 it sees it has got a route so it will directly send it to the external interface of the firewall.

but still from past 2 days i am working out on this and not able to reach the internal host from the external host.


can someone pls help me out. i am really having a tuff time with this.

regards

sebastan