cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1807
Views
0
Helpful
3
Replies

Need Help - Pix 515 v6.3(5) outbound nat using Static ?

dclee
Level 1
Level 1

I have a unique situation where I have the following inside network being translated to an outside public IP

so nat (inside) 1 192.168.10.0 255.255.255.0

     global (outside) 1 207.x.x.3

This works great, however I need one of those inside hosts (192.168.10.27)  to be translated to a unique outside ip 207.x.x.4

Can I simply do this ?

Nat (inside) 2 192.168.10.27

global (outside) 2 207.x.x.4

Will the translation table not hit the 1st Nat 1 statement and pass thru on .3, or will it actually trickle down to Nat 2 statement and match on .4

Any help would be appreciated.

Cheers

Dave             

3 Replies 3

That is what the static translations are for:

static(inside,outside) 207.x.x.4 192.168.10.27 netmask 255.255.255.255

These have a higher priority then the dynamit translations with nat and global.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

nkarthikeyan
Level 7
Level 7

Hi dave,

You can use the static NAT to achieve the requirement which you have specified.

static (inside,outside) 207.x.x.4 192.168.10.27 netmask 255.255.255.255

You can refer the below guide for more information on the static NAT.

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/s.html#wp1026694

By

Karthik

Please do rate if the given information helps.

Jennifer Halim
Cisco Employee
Cisco Employee

To answer your question, yes, you can configure the more specific NAT statement as you have stated:

Nat (inside) 2 192.168.10.27

global (outside) 2 207.x.x.4

as the more specific NAT statement will take precedence over the generic NAT statement.

Just have to make sure that you "clear xlate" after the new config.

Here is the NAT order of operation and in your case, point number 4 is what you are after:

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/cfgnat.html#wp1042696

Hope that helps.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: