12-21-2004 05:56 AM - edited 03-09-2019 09:49 AM
I need help with the syntax for using one to many NAT on the pix. the problem is, I have 3 /24 private addresses I want to do this to.
I am trying to do the following:
NAT 192.168.2.0/24 (entire network) to Global IP 216.82.64.40
NAT 192.168.3.0/24 (entire network) to Global IP 216.82.64.41
NAT 192.168.4.0/24 (entire network) to Global IP 216.82.64.42
How would I do this?
Thank you!
Solved! Go to Solution.
12-21-2004 06:12 AM
i think this correct off the top of my head ;)
set the static nats ;)
static (inside,outside) 216.82.64.40 192.168.2.0 netmask 255.255.255.0 0 0
static (inside,outside) 216.82.64.41 192.168.3.0 netmask 255.255.255.0 0 0
static (inside,outside) 216.82.64.42 192.168.4.0 netmask 255.255.255.0 0 0
you would then need to set your access lists ;)
cheers
rob
12-21-2004 06:22 AM
Not quite...statics are meant for 1:1 NAT. The deal here is that we need to do 1:many NAT since he has (assuming) several hosts on the inside that need to be NAT'ed to a single address. Here is what you should have:
global (outside) 1 216.82.64.40
global (outside) 2 216.82.64.41
global (outside) 3 216.82.64.42
nat (inside) 1 192.168.2.0 255.255.255.0
nat (inside) 2 192.168.3.0 255.255.255.0
nat (inside) 3 192.168.4.0 255.255.255.0
Hope this helps.
Scott
12-21-2004 06:12 AM
i think this correct off the top of my head ;)
set the static nats ;)
static (inside,outside) 216.82.64.40 192.168.2.0 netmask 255.255.255.0 0 0
static (inside,outside) 216.82.64.41 192.168.3.0 netmask 255.255.255.0 0 0
static (inside,outside) 216.82.64.42 192.168.4.0 netmask 255.255.255.0 0 0
you would then need to set your access lists ;)
cheers
rob
12-21-2004 06:22 AM
Not quite...statics are meant for 1:1 NAT. The deal here is that we need to do 1:many NAT since he has (assuming) several hosts on the inside that need to be NAT'ed to a single address. Here is what you should have:
global (outside) 1 216.82.64.40
global (outside) 2 216.82.64.41
global (outside) 3 216.82.64.42
nat (inside) 1 192.168.2.0 255.255.255.0
nat (inside) 2 192.168.3.0 255.255.255.0
nat (inside) 3 192.168.4.0 255.255.255.0
Hope this helps.
Scott
12-21-2004 06:28 AM
Do you want inside netorks going out to the internet to map to different global addresses, or as rob included access to internal networks from the outside.
If you want inside to outside then try:
nat (inside) 1 192.168.2.0 255.255.255.0
nat (inside) 2 192.168.3.0 255.255.255.0
nat (inside) 3 192.168.4.0 255.255.255.0
global (outside) 1 216.82.64.40
global (outside) 2 216.82.64.41
global (outside) 3 216.82.64.42
HTH
PD
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide