cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1086
Views
0
Helpful
4
Replies

could pix change source and destionation address at the same time ?

pyle.wang
Level 1
Level 1

coule the pix change source and destionation address to another sour. and dest. ip address when ip packet pass the pix firewall ?

for example :

sour. 10.1.1.1 / dest. 10.2.2.2 --> PIX --> sour. 172.1.1.1 dest. 172.2.2.2

how could i do if could ??

thx...

4 Replies 4

yusuff
Cisco Employee
Cisco Employee

you can change the source 10.1.1.1 to 172.1.1.1 with nat (outside) on PIX 6.2

http://www.cisco.com/warp/public/707/28.html#outnat

changing destination NAT is using the normal static command with ACL.

HTH

R/Yusuf

thank you very much!

but , would you like to give me more tips about changing dest. ip address with the normal static command with acl ?

pyle wang

eg

dest. 10.2.2.2 NAT to 172.2.2.2 inside host

static (inside,outside) 10.2.2.2 172.2.2.2 netmask 255.255.255.255

access-list 101 permit ip any host 10.2.2.2

access-group 101 in interface outside

If the 172.2.2.x is your inside subnet i.e. ethernet1 then above config is sufficient, if not, then you also need to add a static route as follows;

route inside 172.2.2.0 255.255.255.0 172.2.2.x (next-hop of your inside device)

HTH

R/Yusuf

jerryd
Level 1
Level 1

I have done this using Nat and global for the src nat and I used the alias command to do the dst nat. Works pretty well. The following command will do the trick.

alias (inside) 10.2.2.2 172.2.2.2 255.255.255.255

Review Cisco Networking for a $25 gift card