PIX 535 NAT questions

jeff.vargas · ‎10-23-2006

My entire network access everything on the outside using Nat0. Is it possible to have the entire network acces a single outside destination address via a nat'd address?

So, if I'm going anywhere on the outside I don't get address translated but if I'm going to this singe destination address I go to it as this single NAT'd address? If this is possible can you give me a clue on how to do this? I'm assuming if it is possible I'll have to use an ACL.

cpembleton · ‎10-23-2006

Create an ACL for the traffic you want to NAT. Apply it to the nat statement.

access-list nat permit ip 172.23.10.0 255.255.255.0 10.10.10.1 255.255.255.255

nat (inside) 2 access-list nat

Hope this helps.

Chad

jwalker · ‎10-23-2006

I think what you are referring to is called policy static. Here is a configuration example.

access-list outbound_access extended permit ip 172.16.1.0 255.255.255.0 192.168.1.1

static (inside,outside) 10.10.10.1 access-list outbound_access

** Please rate if this helps **