03-19-2008 02:33 AM - edited 03-11-2019 05:19 AM
Hello,
I am searching for a solution on how to do a source and destination NAT on a PIX 506E.
I attach the drawing. Let's say I have a web server inside. I have created a destination NAT, so that traffic which goes to 200.200.200.200 is NATed to 192.168.1.2.
I would also like any traffic from the Internet to be source NATed to the PIX inside interface, so the web server would see incoming transactions as sourced from the PIX inside.
I was able to do a source and destination NAT, but only one to one:
static(inside,outside) 200.200.200.200 192.168.1.2
static(outside,inside) 100.100.100.100 192.168.2.1
Could somebody show me how to do a source NAT from any address to the single IP of the PIX inside interface?
Thanks in advance.
Michal
03-19-2008 05:13 AM
Add the following commands:
nat (outside) 1 0 0 outside
global (inside) 1 interface
static(inside,outside) 200.200.200.200 192.168.1.2
See if this helps!
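What the three commands above do to one inbound packet, as an added example that is not part of the original thread: a small Python model of the outside `nat`/`global` pair plus the `static`. The inside interface address 192.168.1.1 and the client addresses are assumptions; ports, ACL-based `nat` rules and access lists are not modelled.

```python
import ipaddress
import re

# Commands from the accepted answer. The inside interface address is an
# assumption: the thread never states it.
CONFIG = """\
nat (outside) 1 0 0 outside
global (inside) 1 interface
static(inside,outside) 200.200.200.200 192.168.1.2
"""
INSIDE_IF_IP = "192.168.1.1"  # assumed PIX inside address


def parse(config):
    """Split PIX 6.x style lines into nat rules, globals and statics."""
    nats, pools, statics = [], {}, []
    for line in config.splitlines():
        if m := re.match(r"nat \((\w+)\) (\d+) (\S+) (\S+)", line):
            ifc, nat_id, net, mask = m.groups()
            cidr = "0.0.0.0/0" if net == "0" else f"{net}/{mask}"
            nats.append((ifc, nat_id, ipaddress.ip_network(cidr)))
        elif m := re.match(r"global \((\w+)\) (\d+) (\S+)", line):
            pools[(m[1], m[2])] = m[3]
        elif m := re.match(r"static ?\((\w+),(\w+)\) (\S+) (\S+)", line):
            statics.append(m.groups())  # real_if, mapped_if, mapped, real
    return nats, pools, statics


def translate_inbound(src, dst, config=CONFIG, inside_ip=INSIDE_IF_IP):
    """Packet arriving on outside -> (src, dst) as the inside host sees it."""
    nats, pools, statics = parse(config)
    for real_if, mapped_if, mapped, real in statics:
        if (real_if, mapped_if) == ("inside", "outside") and dst == mapped:
            dst = real  # destination NAT from the static
    for ifc, nat_id, net in nats:
        pool = pools.get(("inside", nat_id))  # global with the same NAT id
        if ifc == "outside" and pool and ipaddress.ip_address(src) in net:
            src = inside_ip if pool == "interface" else pool  # source PAT
            break
    return src, dst


if __name__ == "__main__":
    # Constructed client addresses (documentation ranges).
    for client in ("198.51.100.7", "203.0.113.40"):
        print(client, "->", translate_inbound(client, "200.200.200.200"))
```

Every client reaches the web server with the same source address, so the server's access logs no longer identify the real client; the PIX translation and connection logs become the record of who connected.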
03-19-2008 06:42 AM
It works, I have tested that in the lab!!! I have been searching for a solution for the whole day and found nothing, but now that I look at your config it is clear :)
Thanks!
03-19-2008 02:31 PM
Hi,
It seems that it works, but after applying it, the other nat/global 1 that hides all local networks to the Internet is not working:
nat (outside) 2 access-list source-nat outside
global (inside) 2 interface
access-list source-nat permit ip any host 200.200.200.200
nat (inside) 1 access-list nat
global (outside) 1 global-ip-address
Could somebody help me out with this one?
Thanks.
Michal
03-20-2008 05:04 AM
Can you try Internet access from a host other than the one mapped in the static?
03-20-2008 05:41 AM
I have a PIX 525 with 7.2(3)8. I wanted to configure simple NAT for inside and dmz.
This is my test lab. I know there are the options of static and access-list, but I wanted to test this configuration.
I want my dmz users to use NAT, not static, when they access the inside network, and I want the same for my inside users when they access the dmz.
global (dmz) 1 interface
global (inside) 3 interface
nat (dmz) 3 10.0.0.0 255.255.255.0 outside
nat (inside) 1 172.28.92.0 255.255.255.0
access-group outside in interface outside
access-list dmz extended permit ip host 10.0.0.3 host 172.28.92.72
access-list dmz extended permit ip host 10.0.0.3 host 10.0.0.1
I have tried all possibilities but failed. Only the first time, at the start of the lab, I used no-nat control, but later on that also stopped working.
Now only the static configuration is working and I am able to use the Internet. But with this, dmz NAT and vice versa is not working.
A short time ago I was able to ping from inside to dmz, but some time later it also stopped working. I don't know why this is happening.
Why is nat control not working? A really strange situation.
03-25-2008 12:51 PM
Hi,
Try to use this configuration:
nat (dmz) 3 10.0.0.0 255.255.255.0
global (inside) 3 10.0.0.0 255.255.255.0
nat (inside) 1 172.28.92.0 255.255.255.0
global (dmz) 1 172.28.92.0 255.255.255.0
and remove the dmz access list.
Regards