cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1580
Views
0
Helpful
3
Replies
Highlighted
Beginner

Need Help - Pix 515 v6.3(5) outbound nat using Static ?

I have a unique situation where I have the following inside network being translated to an outside public IP

so nat (inside) 1 192.168.10.0 255.255.255.0

     global (outside) 1 207.x.x.3

This works great, however I need one of those inside hosts (192.168.10.27)  to be translated to a unique outside ip 207.x.x.4

Can I simply do this ?

Nat (inside) 2 192.168.10.27

global (outside) 2 207.x.x.4

Will the translation table not hit the 1st Nat 1 statement and pass thru on .3, or will it actually trickle down to Nat 2 statement and match on .4

Any help would be appreciated.

Cheers

Dave             

3 REPLIES 3
Highlighted
VIP Mentor

That is what the static translations are for:

static(inside,outside) 207.x.x.4 192.168.10.27 netmask 255.255.255.255

These have a higher priority then the dynamit translations with nat and global.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Highlighted
Rising star

Hi dave,

You can use the static NAT to achieve the requirement which you have specified.

static (inside,outside) 207.x.x.4 192.168.10.27 netmask 255.255.255.255

You can refer the below guide for more information on the static NAT.

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/s.html#wp1026694

By

Karthik

Please do rate if the given information helps.

Highlighted
Cisco Employee

To answer your question, yes, you can configure the more specific NAT statement as you have stated:

Nat (inside) 2 192.168.10.27

global (outside) 2 207.x.x.4

as the more specific NAT statement will take precedence over the generic NAT statement.

Just have to make sure that you "clear xlate" after the new config.

Here is the NAT order of operation and in your case, point number 4 is what you are after:

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/cfgnat.html#wp1042696

Hope that helps.

Content for Community-Ad