01-28-2004 05:22 AM - edited 03-09-2019 06:15 AM
I have a customer that has a peculiar situation that requires a static NAT to a host on a subnet remote to the inside of the PIX. This remote host has a static route back to the PIX but it uses a DIFFERENT default route. This creates the problem: the original public IP address remains as the source address in the IP header through the translation on the PIX. The remote host, when replying to the request, always attempts to respond back out through its default route, not back through the WAN because the source address in the IP header is the public address of the original sender, not the private address of the PIX. Is there any way I can replace the original public source address with the inside interface of the PIX or some other inside address?
01-28-2004 08:12 AM
Hi,
Have you considered configuring bi-directional NAT in this case? This was a new feature added in 6.2 (I think) that allows you to NAT the source address of packets going from a less secure interface to a more secure interface (opposite of what you would normally think of). You would then need to create a static route on the host pointing back to the PIX for the address that you NAT the external packet to. Check the command ref in 6.3 for the syntax and post back your questions if you have any.
Scott
01-28-2004 11:14 AM
Not a bad suggestion but it looks like all of the documentation points to mapping an explicit public address to an explicit private one. This would replace the original source address but the source could be any address on the Internet so that wouldn't work for me. I'm still going to play with the settings and see if I can't get something of a PAT process going in reverse. I'm also going to try port-redirection to see if that modifies the original source address. Any further suggestions or ideas are still most welcome!
Rik
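The routing asymmetry discussed in this thread, as an added example that is not from any of the posters and is not PIX configuration: a small Python model of the remote host's route lookup, with and without source translation on the firewall. All addresses, next-hop names and the `Firewall` class are constructed assumptions for illustration.

```python
import ipaddress

# Constructed addressing; none of these values come from the thread.
STATIC = {"203.0.113.10": "10.2.2.10"}   # public address -> remote inside host
INSIDE_PAT = "10.1.1.250"                # inside address used to hide outside sources
HOST_ROUTES = [                          # routing table of the remote host
    ("0.0.0.0/0", "other-default-gateway"),  # default route that bypasses the PIX
    ("10.1.1.0/24", "wan-link-to-pix"),      # static route back to the PIX
]

def egress(routes, dst):
    """Longest-prefix match: return the next hop chosen for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

class Firewall:
    def __init__(self, translate_source):
        self.translate_source = translate_source
        self.xlate = {}        # PAT port -> original (source address, source port)
        self.next_port = 1024

    def inbound(self, src, sport, dst, dport):
        """Outside -> inside: static NAT on dst, optional PAT on src."""
        dst = STATIC[dst]
        if self.translate_source:
            self.xlate[self.next_port] = (src, sport)
            src, sport = INSIDE_PAT, self.next_port
            self.next_port += 1
        return src, sport, dst, dport

    def restore(self, dst, dport):
        """Inside -> outside reply: map a PAT port back to the real client."""
        return self.xlate.get(dport, (dst, dport)) if dst == INSIDE_PAT else (dst, dport)

def reply_next_hop(translate_source, client=("198.51.100.7", 40000)):
    """Next hop the remote host picks for its reply, and who the reply is for."""
    fw = Firewall(translate_source)
    src, sport, _, _ = fw.inbound(*client, "203.0.113.10", 80)
    return egress(HOST_ROUTES, src), fw.restore(src, sport)
```

Because the translation is keyed on a port rather than a fixed address pair, the model works for any Internet source, at the cost that the remote host's logs only ever show the inside PAT address.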