02-09-2011 12:39 AM - edited 03-11-2019 12:47 PM
Hello
I am using Cisco Security Manager v3.3.0 and FWSM 3.1(7)
Does anyone know the best way to nat all addresses behind the outside interface IP only, for example:
Source 10.10.10.0/24
Destination 10.20.20.1
Outside Int 10.20.20.250
I would like multiple connections from the source network to all arrive at the destination with a source address of 10.20.20.250
I've taken a look at the CSM config and believe that I should create a pool with just one IP address (that of the outside interface) and then use this pool in either a dynamic or policy dynamic nat rule.
Does this sound like the right way to do it? Does anyone know of any gotchas that I should be aware of, please?
Thanks all in advance.
Anthony
02-09-2011 02:19 AM
Assuming that your source subnet is in higher security level than your destination subnet, then you can create dynamic NAT as follows:
+ also assuming that the source subnet interface name is inside and the destination interface name is outside:
access-list nat-inside permit ip 10.10.10.0 255.255.255.0 host 10.20.20.1
nat (inside) 1 access-list nat-inside
global (outside) 1 interface
If you would like to NAT 10.10.10.0/24 subnet to any destination, then you can configure the following:
nat (inside) 1 10.10.10.0 255.255.255.0
global (outside) 1 interface
Then "clear xlate" after the changes.
Hope that helps.
02-09-2011 03:30 AM
Hi Jennifer
Thanks for the response; it clarifies things in that it can be done. I don't suppose you know which of the options to use in the CSM GUI, do you?
There is the choice of dynamic or policy dynamic. I noticed in the configuration of NAT pools there is the option to
Anthony
02-09-2011 09:04 PM
If the NAT statement is with access-list, then it would be policy dynamic.
If the NAT statement is just subnet, then it would be dynamic.
For the global pool, it should be just the interface keyword; you don't have to configure any specific IP address if you would like to PAT it to the interface IP address.
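The mapping in the reply above (a nat statement with an access-list is policy dynamic, a nat statement with just a subnet is dynamic, and a global with the interface keyword is PAT to the interface IP), as an added example that is not part of the thread: a Python script that reads nat/global lines, pairs them by NAT ID, names the rule type, and shows which nat statements have no matching global. The sample config is constructed; NAT IDs 2 and 3, the dmz interface, and 10.30.30.0 are assumptions added so both variants and an unmatched case can sit in one config.

```python
import re

# Constructed sample: the two variants from the thread in one config, using
# NAT IDs 1 and 2 so both can coexist; NAT ID 3 is deliberately left without a global.
SAMPLE_CONFIG = """\
access-list nat-inside permit ip 10.10.10.0 255.255.255.0 host 10.20.20.1
nat (inside) 1 access-list nat-inside
global (outside) 1 interface
nat (inside) 2 10.10.10.0 255.255.255.0
global (outside) 2 interface
nat (dmz) 3 10.30.30.0 255.255.255.0
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (.+)$")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (.+)$")

def classify_nat(config):
    """Pair each nat statement with globals sharing its NAT ID and name the CSM rule type."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    acls = {l.split()[1] for l in lines if l.startswith("access-list ")}
    globals_by_id = {}
    for l in lines:
        m = GLOBAL_RE.match(l)
        if m:
            globals_by_id.setdefault(m.group(2), []).append((m.group(1), m.group(3)))
    rules = []
    for l in lines:
        m = NAT_RE.match(l)
        if not m:
            continue
        iface, nat_id, rest = m.groups()
        if nat_id == "0":  # nat 0 is identity NAT / NAT exemption, not covered here
            continue
        tokens = rest.split()
        policy = tokens[0] == "access-list"
        rule = {"real_if": iface, "nat_id": nat_id,
                "type": "policy dynamic" if policy else "dynamic",
                "match": tokens[1] if policy else " ".join(tokens[:2]),
                "acl_defined": (tokens[1] in acls) if policy else None,
                "mapped": globals_by_id.get(nat_id, [])}
        rule["pat_to_interface"] = any(addr == "interface" for _, addr in rule["mapped"])
        rules.append(rule)
    return rules

if __name__ == "__main__":
    for r in classify_nat(SAMPLE_CONFIG):
        status = "OK" if r["mapped"] else "NO MATCHING global"
        print(r["real_if"], r["nat_id"], r["type"], r["match"], status)
```

A rule with an empty `mapped` list is the case to look at before deploying: that nat statement has no global with the same NAT ID.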