07-20-2005 06:20 PM - edited 03-09-2019 11:54 AM
Hi,
If I have the configuration below, where I NAT a range of IPs to another IP range going to 2 different sites, will it cause any problem?
access-list acl_test permit ip 99.99.1.0 255.255.255.0 203.203.203.0 255.255.255.0
access-list acl_test permit ip 99.99.1.0 255.255.255.0 204.204.204.0 255.255.255.0
nat (inside) 1 access-list acl_test
global (site1) 1 99.99.10.0-99.99.10.254 netmask 255.255.255.0
global (site2) 1 99.99.10.0-99.99.10.254 netmask 255.255.255.0
TIA.
PF
07-21-2005 01:57 AM
Hi,
This should be possible using policy nat on the PIX.
You have almost got this correct; you don't need the second global (site2) statement, as they both have the same addressing. See below :)
# access-list acl_test permit ip 99.99.1.0 255.255.255.0 203.203.203.0 255.255.255.0
# access-list acl_test permit ip 99.99.1.0 255.255.255.0 204.204.204.0 255.255.255.0
# nat (inside) 1 access-list acl_test
# global (outside) 1 99.99.10.0-99.99.10.254 netmask 255.255.255.0
If you want to read up on policy NAT, have a look at the following link:
Rgds
PJD
07-21-2005 02:21 PM
PJD,
Thanks for the reply. I will read up on the link attached. Don't you need 2 global statements if site1 and site2 are on different interfaces? I.e., site1 on interface dmz1 and site2 on interface dmz2?
Thanks.
PF