07-07-2002 08:02 PM - edited 02-20-2020 10:09 PM
Could the PIX change the source and destination address to another source and destination IP address when an IP packet passes through the PIX firewall?
For example:
source 10.1.1.1 / dest. 10.2.2.2 --> PIX --> source 172.1.1.1 / dest. 172.2.2.2
How could I do it, if it can?
thx...
07-07-2002 10:52 PM
You can change the source 10.1.1.1 to 172.1.1.1 with nat (outside) on PIX 6.2
http://www.cisco.com/warp/public/707/28.html#outnat
Changing the destination with NAT uses the normal static command with an ACL.
HTH
R/Yusuf
07-07-2002 11:19 PM
Thank you very much!
But would you give me more tips about changing the dest. IP address with the normal static command with an ACL?
pyle wang
07-07-2002 11:28 PM
e.g.
dest. 10.2.2.2 NAT to 172.2.2.2 inside host
static (inside,outside) 10.2.2.2 172.2.2.2 netmask 255.255.255.255
access-list 101 permit ip any host 10.2.2.2
access-group 101 in interface outside
If 172.2.2.x is your inside subnet, i.e. ethernet1, then the above config is sufficient; if not, then you also need to add a static route as follows:
route inside 172.2.2.0 255.255.255.0 172.2.2.x (next-hop of your inside device)
HTH
R/Yusuf
07-16-2002 06:21 AM
I have done this using nat and global for the src NAT, and I used the alias command to do the dst NAT. Works pretty well. The following command will do the trick.
alias (inside) 10.2.2.2 172.2.2.2 255.255.255.255
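An added example, not part of the thread and not Cisco code: a small Python model of the double translation discussed above, using the thread's addresses. It assumes the PIX 6.x behaviour that the outside ACL is evaluated against the mapped destination (10.2.2.2) before translation; the function and table names are hypothetical.

```python
# Constructed model of the thread's setup (addresses taken from the posts).
STATIC_DST = {"10.2.2.2": "172.2.2.2"}   # static (inside,outside) 10.2.2.2 172.2.2.2
OUTSIDE_SRC = {"10.1.1.1": "172.1.1.1"}  # source translation of the outside host
ACL_101 = ["10.2.2.2"]                   # access-list 101 permit ip any host 10.2.2.2


def inbound(src, dst, acl=ACL_101):
    """Outside -> inside. Returns the rewritten (src, dst), or None if dropped."""
    # Assumption: the ACL bound to the outside interface sees the packet
    # before translation, so it must list the mapped address.
    if dst not in acl:
        return None  # implicit deny at the end of the access list
    if dst not in STATIC_DST:
        return None  # no static translation for this destination
    # Destination is rewritten by the static, source by the outside NAT rule.
    return OUTSIDE_SRC.get(src, src), STATIC_DST[dst]


def outbound(src, dst):
    """Inside -> outside reply. Both translations are reversed."""
    real_to_mapped = {real: mapped for mapped, real in STATIC_DST.items()}
    nat_to_real = {nat: real for real, nat in OUTSIDE_SRC.items()}
    return real_to_mapped.get(src, src), nat_to_real.get(dst, dst)


def demo():
    """Run the three cases a reader would check on a real configuration."""
    return {
        "request": inbound("10.1.1.1", "10.2.2.2"),
        "reply": outbound("172.2.2.2", "172.1.1.1"),
        # ACL written against the real inside address instead of the mapped one.
        "acl_on_real_address": inbound("10.1.1.1", "10.2.2.2", acl=["172.2.2.2"]),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The third case shows the common mistake of permitting the real address 172.2.2.2 in the outside ACL: under the stated assumption the packet never matches and is dropped.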