NAT question

vramanaiah — Mon, 11 Mar 2019 09:22:40 GMT

I have probably a very basic question on NAT..

Assume a PIX/FWSM has about 10 interfaces DMZ1 to DMZ10.

DMZ X Network is 10.1.X.0

Now i would like to achieve this..

I would like to hide the 10.1.X.0 from each other.. If a host on DMZ1 i/f communicates with any other DMZ, it must be seen as 192.168.1.1 rather than being seen as 10.1.1.1.

Same rule applies to all DMZs..

Is this possible in first place.? If yes, what commands i would need on the PIX.

Thanks in advance

Re: NAT question

sachinraja — Sun, 21 Jan 2007 23:37:58 GMT

hello ramanaiah,

yes.. this is possible.. you just need to do use the static command and the required ACL's on the interfaces... ACL's will be required when communication is only between a lower security to a higher security zone..

for eg:

your inside IP - 10.1.1.1

DMZ 1 IP - 192.168.100.1

you can use a free IP on the DMZ 1 segment and use the following command:

static (inside,DMZ1) 192.168.100.100 10.1.1.1 netmask 255.255.255.255

depending on the access, u can allow specific ports using an ACL:

access-list DMZ1 permit tcp any host 192.168.100.100 eq 23

access-group DMZ1 in interface DMZ1

you need to carefully build these commands and keep giving access between the DMZ networks...

Hope this helps.. all the best.. rate replies if found useful..

RAj

topic NAT question in Network Security

NAT question

Re: NAT question