Nat and PIX

johnleeee · ‎08-04-2004

Id like to ask for some little info

when I have for example notoreous network local

192.168.1.0/24 and I want to NAT on PIX :

nat(inside) 2 192.168.1.0 255.255.255.0 0 0

nat(inside) 3 192.168.1.1 255.255.255.255 0 0

nat(inside) 3 192.168.1.2 255.255.255.255 0 0

global(dmz) 2 192.100.100.1 netmask 255.255.255.255

global(dmz) 3 192.100.100.2 netmask 255.255.255.255

would it be possible to do that though 192.100.100.1 and 192.100.100.2 is inside 192.168.1.0.

thanks jl

didyap · ‎08-10-2004

I am not able to fully understand the question, but I am sure you would be able to find some useful info in the following sample configs.

http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Hardware:PIX&s=Software_Configuration

johnleeee · ‎08-10-2004

Hi,

my question was if its possible to

use NAT for all inside network for example

and in parallel(same time) use only one address for

another NAT(static) or PAT from the same pool.

reg

jl

NUNO PIMENTA · ‎08-11-2004

Hi there,

Since this is my first post, i hope i'm not doing any mistakes.

After version 6.3(x) u can use an access-list with a specific nat.

So i think u can do what you want using:

access-list special permit ip host 192.168.1.1 any

nat (inside) 2 access-list special

nat (inside) 3 192.168.1.0 255.255.255.0

global (outside) 2 192.168.100.1

global (outside) 3 192.168.100.3

Regards

Nuno

johnleeee · ‎08-11-2004

Ok guy,

first thanks for advice.

What about without access-list

nat (inside) 2 192.168.1.1 255.255.255.255

nat (inside) 3 192.168.1.0 255.255.255.0

global (outside) 2 192.168.100.1

global (outside) 3 192.168.100.3

Can I do that? If yes , why through access-list?

reg jl

mostiguy · ‎08-12-2004

You should just use a static command if you are doing a one to one nat, like you are for .1.1 to .100.1. You config might work, but the static is the normal way to do a one to one static nat