It is not quite unusual where you do a static port map using the IP address assigned on the outside interface in either PIX or ASA to map different services inside your network, something like this;

   1: static (inside,outside) tcp 1.1.1.2 www 10.10.10.2 www 255.255.255.255

   2: static (inside,outside) tcp 1.1.1.2 smtp 10.10.10.3 smtp 255.255.255.255

   3: static (inside,outside) tcp 1.1.1.2 domain 10.10.10.4 domain 255.255.255.255

   4: static (inside,outside) udp 1.1.1.2 domain 1010.10.4 domain 255.255.255.255

 

It could be either the IP address on the outside interface or an available public IP address as well. Now the problem here is, how do you allow ping to these servers.

The first line; maps HTTP traffic coming over to 1.1.1.2 and redirects to 10.10.10.2 on the inside LAN machine. Now, if I want to allow PING to work for the server 10.10.10.2 from anybody in the Internet, how do I do that?

I’m afraid the answer is ‘You Can’t’ The reason being, there is no 1-1 mapping

Normal Scenario’s where you can do this is, if you do a Static NAT instead of Static PAT as below;

   1: static (inside,outside) 1.1.1.2 10.10.10.4 255.255.255.255

   2:  

   3: access-list Outside-In permit tcp any host 1.1.1.2 eq HTTP

   4: access-list Outside-In permit icmp any host 1.1.1.2 echo

   5:  

   6: access-group Outside-In in interface outside

If you guys know that it can be done in any other way, lemme know as well :-)