Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
640
Views
0
Helpful
1
Replies

NAT question

vramanaiah
Level 1
Level 1

‎01-21-2007 12:54 PM - edited ‎03-11-2019 02:22 AM

I have probably a very basic question on NAT..

Assume a PIX/FWSM has about 10 interfaces DMZ1 to DMZ10.

DMZ X Network is 10.1.X.0

Now i would like to achieve this..

I would like to hide the 10.1.X.0 from each other.. If a host on DMZ1 i/f communicates with any other DMZ, it must be seen as 192.168.1.1 rather than being seen as 10.1.1.1.

Same rule applies to all DMZs..

Is this possible in first place.? If yes, what commands i would need on the PIX.

Thanks in advance

Labels:
0 Helpful
1 Reply 1

sachinraja
Level 9
Level 9

‎01-21-2007 03:37 PM

hello ramanaiah,

yes.. this is possible.. you just need to do use the static command and the required ACL's on the interfaces... ACL's will be required when communication is only between a lower security to a higher security zone..

for eg:

your inside IP - 10.1.1.1

DMZ 1 IP - 192.168.100.1

you can use a free IP on the DMZ 1 segment and use the following command:

static (inside,DMZ1) 192.168.100.100 10.1.1.1 netmask 255.255.255.255

depending on the access, u can allow specific ports using an ACL:

access-list DMZ1 permit tcp any host 192.168.100.100 eq 23

access-group DMZ1 in interface DMZ1

you need to carefully build these commands and keep giving access between the DMZ networks...

Hope this helps.. all the best.. rate replies if found useful..

RAj

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card