Re: The question about pix dynamic nat

wjj94 · ‎09-28-2003

Hi Nadeem:

my question : in the pix dmz interface ,It have two hosts,using the ip address:172.10.10.35 for service,but the ip is virtual ,the real hosts ip are 172.10.10.33,172.10.10.34;clients access the 172.10.10.35 ,and the active host(example 172.10.10.33) reply ,the source ip address is 172.10.10.33 of receive packets by the clents,not 172.10.10.35.

For I want use command static() achieve NAT: interface dmz 172.10.10.35 to inside 10.10.10.40 .The clients access the ip :172.10.10.35 would access 10.10.10.40

,and return the source ip address 172.10.10.33 can't be translated ,the access is fault .

I try use command :static (dmz,inside) 10.10.10.40 172.10.10.35 netmask 255.255.255.255 ,just complete one way ip address translate,and the other way :the ip address 172.10.10.33 in the return packet not be translated.

I think if use dynamic nat achieve more than one ip address in the interface dmz translated one (just) ip address in the inside interface .

how can I do? our pix ver 6.2(3)

thanks

junjiang

drolemc · ‎10-03-2003

You seem to be trying to load balance traffic on multiple servers. On Cisco IOS, this is possible using a feature called TCP Load Distribution (http://www.cisco.com/en/US/products/sw/iosswrel/ps1826/products_configuration_guide_chapter09186a00800d9b8b.html#xtocid1349912). I do not think that the same can be configured on a PIX.

wjj94 · ‎10-13-2003

drolemc

thanks, I think the way of NAT on a pix wouldn't accomplish our requirement .I want do it by both pix and router .

thanks your reply.