Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
368
Views
5
Helpful
2
Replies

destination nat question on PIX

firestartest
Level 1
Level 1

‎01-25-2005 06:47 AM - edited ‎02-20-2020 11:53 PM

I have the following

Inside - 10.0.0.1

DMZ - 20.0.0.1

Outside - 30.0.0.1

Host (inside) 10.0.0.100

Server (dmz) 20.0.0.100

Can I use some sort of destination nat so that a pc on the inside can talk to the server on the dmz using an IP address that is not on any PIX interfaces.

E.G. Host 10.0.0.100 wants to talk to 90.0.0.100

the PIX changes this destination to 20.0.0.100

I can get it working if the translation changes from an address that is part of a directly connected subnet. E.G. 10.0.0.100 talks to 10.0.0.50 which translates to 20.0.0.100

Can you do this or do you have to have an IP address that is part of the network?

0 Helpful
2 Replies 2

nkhawaja
Cisco Employee
Cisco Employee

‎01-25-2005 01:16 PM

no, you dont need to have an ip address that is part of any interface's network.

you should be able to use

static (dmz,inside) 90.0.0.100 20.0.0.100

thanks

Nadeem

aashish.c
Level 4
Level 4

‎01-27-2005 06:22 AM

Hi,

We need to use the alias command to perform dnat:

alias(inside) 90.0.0.100 192.168.100.10 255.255.255.255

This will do the DNAt. after this you have to make a static NAt for virtual_ip and internal ip 20.0.0.100

This document will help you in configuring :

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml

regards

aashish C

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card