NATing based on Destination address

dbrisson
Level 1

Was wondering if anyone out there has run into the same problem I have. I have a PIX firewall that I want to use to connect to the Internet as well as connect via VPN to our ASP. The problem is I am using private addressing in my network, so I have to NAT out to the Internet. But now my ASP needs me to perform NAT on the PIX to a different private address so I can connect to them. That wouldn't be a problem, but when I do that I can't get to the Internet, because I am now NATing to a private address which isn't routable on the Internet. So my question is: is there a way to NAT based on the destination address of a packet? Meaning, when I want to talk to my ASP, trigger the VPN and use the private NAT, but when I want to go anywhere else, NAT with the global address that I got from my ISP.

Any help is much appreciated.

4 Replies

s.jankowski
Level 4

The only way you can NAT based on destination is to use an additional PIX interface. Once you have that you can set up a NAT pool for traffic destined for this additional interface and an Internet NAT pool for the outside interface.

You may be able to accomplish this by using policy-based routing. I have used this method to prevent static NAT from occurring when the host is talking to a VPN client. I create a route map that points to an access list to define the source and destination and set the next hop to the same network as a loopback interface. This allows the traffic to pass without NAT even though I have a static translation defined. This may not directly answer your question, but the concepts may help you accomplish your task.

2d-ruttino: Could you send me an example config for this?

I have a similar requirement. I need to receive an IP packet and strip and replace the DA and SA based on the source address.

Many thanks

reply email address: graycusa@yahoo.com

rrbleeker
Level 1

Would your ASP agree if you didn't use NAT for traffic between your network and the ASP? That way you can use the nat 0 command for traffic between your network and the ASP network, while all other traffic will be NATed.
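As an added example (not posted by anyone in this thread), here is a PIX OS 6.3-style configuration that puts the two workable answers side by side: destination-matched policy NAT (nat with an access-list) that translates only ASP-bound traffic into the private block the ASP requires, ordinary PAT to the ISP-assigned address for everything else, and, commented out at the end, the nat 0 exemption rrbleeker suggests for the case where the ASP accepts your real addresses. Every address, ACL name, crypto map name and the peer IP is a made-up placeholder: inside LAN 192.168.1.0/24, ASP network 172.16.50.0/24, ASP-required translated block 10.200.1.0/24, VPN peer 203.0.113.10. Policy NAT needs PIX OS 6.3 or later; the pre-shared key is shown masked.

```cisco
! Constructed example, not from the original thread.
! Assumed addressing (substitute your own):
!   inside LAN                         192.168.1.0/24
!   ASP network reached over the VPN   172.16.50.0/24
!   block the ASP wants us to appear as 10.200.1.0/24
!   ASP VPN peer                       203.0.113.10
! Policy NAT (nat ... access-list) requires PIX OS 6.3 or later.

! 1. ASP-bound traffic only: match on DESTINATION and translate the
!    source into the private pool the ASP asked for. NAT id 2 is used
!    only for packets that match ASP_POLICY; nothing else touches it.
access-list ASP_POLICY permit ip 192.168.1.0 255.255.255.0 172.16.50.0 255.255.255.0
nat (inside) 2 access-list ASP_POLICY
global (outside) 2 10.200.1.1-10.200.1.254 netmask 255.255.255.0

! 2. Everything else: PAT to the ISP-assigned outside interface address,
!    so Internet traffic keeps a publicly routable source.
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface

! 3. The crypto ACL must match the POST-translation source addresses,
!    because the PIX translates before it encrypts. Only traffic that
!    now carries a 10.200.1.x source toward the ASP brings up the tunnel.
access-list ASP_CRYPTO permit ip 10.200.1.0 255.255.255.0 172.16.50.0 255.255.255.0

crypto ipsec transform-set STRONG esp-aes-256 esp-sha-hmac
crypto map ASPMAP 10 ipsec-isakmp
crypto map ASPMAP 10 match address ASP_CRYPTO
crypto map ASPMAP 10 set peer 203.0.113.10
crypto map ASPMAP 10 set transform-set STRONG
crypto map ASPMAP interface outside

isakmp enable outside
isakmp key ******** address 203.0.113.10 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
! Let decrypted VPN traffic bypass the outside interface ACL.
sysopt connection permit-ipsec

! Alternative (rrbleeker's suggestion): if the ASP will accept your real
! 192.168.1.0/24 addresses, exempt ASP-bound traffic from NAT instead of
! policy-translating it. nat 0 with an access-list is evaluated before
! every other nat statement, so Internet traffic still hits nat 1.
! Replace section 1 with these two lines and make ASP_CRYPTO match
! 192.168.1.0/24 as the source instead of 10.200.1.0/24:
! access-list ASP_NONAT permit ip 192.168.1.0 255.255.255.0 172.16.50.0 255.255.255.0
! nat (inside) 0 access-list ASP_NONAT
```

The order of evaluation is what makes destination-based NAT work on a single outside interface: the PIX checks nat 0 access-list exemptions first, then policy NAT statements that carry an access-list, and only then the ordinary nat ids, so a packet to the ASP is translated into 10.200.1.x (or left alone with the nat 0 variant) while a packet to anywhere else falls through to the interface PAT. Verify with `show xlate` after sending traffic to both destinations: you should see one translation per host into 10.200.1.x for ASP flows and port translations to the outside interface address for Internet flows.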