243 Views, 0 Helpful, 2 Replies

Help with PIX config with policy NAT

dagates
Level 1

We have a PIX firewall with v6.3(4) os.

I want to NAT traffic headed out of the outside interface to a specific subnet.

inside 172.16.0.1 /24

outside 172.16.1.1 /24

I want to NAT traffic from workstations on the 172.16.0.0/24 subnet going through the PIX to a subnet on the outside interface, 10.10.10.0. It should look like it is originating from 172.16.1.2.

Traffic from the 172.16.0.0/24 subnet going to all other subnets on the outside interface should not be NATted. It should keep a source address of 172.16.0.0/24.

This is to support a migration and isn't long term.

2 Replies

gfullage
Cisco Employee

The following should get you going:

access-list policynat permit ip 172.16.0.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 1 access-list policynat
global (outside) 1 172.16.1.2
nat (inside) 0 172.16.0.0 255.255.255.0

Policy NAT has preference over standard NAT, so if the traffic matches the access-list it'll be PAT'd to 172.16.1.2, otherwise it'll go out without being NAT'd.
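To check that the configuration in the reply above does what the original poster asked for, here is an added simulator of the translation decision (example code, not part of the thread and not PIX code). It assumes the rule ordering the reply states: the policy NAT access-list is consulted first, and the identity nat 0 rule second; the sample hosts and destinations are constructed.

```python
import ipaddress

# Constructed model of the PIX 6.3 NAT rules quoted in the reply. Assumption:
# policy NAT (nat with access-list) is evaluated before identity nat 0.


def net(addr, mask):
    """Build a network from the address/mask pair used in PIX syntax."""
    return ipaddress.IPv4Network(f"{addr}/{mask}")


# access-list policynat permit ip 172.16.0.0 255.255.255.0 10.10.10.0 255.255.255.0
ACL_POLICYNAT = [
    (net("172.16.0.0", "255.255.255.0"), net("10.10.10.0", "255.255.255.0")),
]
# nat (inside) 1 access-list policynat  /  global (outside) 1 172.16.1.2
POLICY_NAT = {"acl": ACL_POLICYNAT, "global": "172.16.1.2"}
# nat (inside) 0 172.16.0.0 255.255.255.0  (identity NAT, address unchanged)
NAT0_NETS = [net("172.16.0.0", "255.255.255.0")]


def translate(src, dst):
    """Return (source seen on the outside, rule) for an inside->outside packet.

    One global address shared by a whole subnet means the policy rule is PAT;
    the source port rewrite is not modelled here.
    """
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for src_net, dst_net in POLICY_NAT["acl"]:
        if s in src_net and d in dst_net:
            return POLICY_NAT["global"], "policy-nat"
    if any(s in n for n in NAT0_NETS):
        return src, "nat0-identity"
    return None, "no-nat-rule"


def check_requirement(hosts, migration_dst, other_dst):
    """Confirm the poster's requirement for a set of inside hosts: traffic to
    the migration subnet appears as 172.16.1.2, all other traffic keeps its
    original source address."""
    for h in hosts:
        if translate(h, migration_dst) != ("172.16.1.2", "policy-nat"):
            return False
        if translate(h, other_dst) != (h, "nat0-identity"):
            return False
    return True


if __name__ == "__main__":
    # Constructed sample flows: migration subnet, another subnet, non-inside source.
    for s, d in [("172.16.0.10", "10.10.10.5"), ("172.16.0.10", "192.168.50.5"),
                 ("172.16.5.10", "10.10.10.5")]:
        print(s, "->", d, translate(s, d))
```

The third sample (a source outside 172.16.0.0/24) matches neither rule, which is worth noticing if other inside subnets are expected to reach the outside interface.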

If we utilize commands not supported by the PDM, would the PDM be disabled? i.e., not able to be utilized to perform other configuration tasks.

Our NOC and level 2 support would still be able to utilize the PDM to perform other simple configuration tasks not related to the policy nat.
