Solved: One to Many Nat help

eelliston · ‎12-21-2004

I need help with the syntax for using one to many NAT on the pix. the problem is, I have 3 /24 private addresses I want to do this to.

I am trying to do the following:

NAT 192.168.2.0/24 (entire network) to Global IP 216.82.64.40

NAT 192.168.3.0/24 (entire network) to Global IP 216.82.64.41

NAT 192.168.4.0/24 (entire network) to Global IP 216.82.64.42

How would I do this?

Thank you!

robmurraylyon · ‎12-21-2004

i think this correct off the top of my head ;)

set the static nats ;)

static (inside,outside) 216.82.64.40 192.168.2.0 netmask 255.255.255.0 0 0

static (inside,outside) 216.82.64.41 192.168.3.0 netmask 255.255.255.0 0 0

static (inside,outside) 216.82.64.42 192.168.4.0 netmask 255.255.255.0 0 0

you would then need to set your access lists ;)

cheers

rob

View solution in original post

scoclayton · ‎12-21-2004

Not quite...statics are meant for 1:1 NAT. The deal here is that we need to do 1:many NAT since he has (assuming) several hosts on the inside that need to be NAT'ed to a single address. Here is what you should have:

global (outside) 1 216.82.64.40

global (outside) 2 216.82.64.41

global (outside) 3 216.82.64.42

nat (inside) 1 192.168.2.0 255.255.255.0

nat (inside) 2 192.168.3.0 255.255.255.0

nat (inside) 3 192.168.4.0 255.255.255.0

Hope this helps.

Scott

View solution in original post

robmurraylyon · ‎12-21-2004

i think this correct off the top of my head ;)

set the static nats ;)

static (inside,outside) 216.82.64.40 192.168.2.0 netmask 255.255.255.0 0 0

static (inside,outside) 216.82.64.41 192.168.3.0 netmask 255.255.255.0 0 0

static (inside,outside) 216.82.64.42 192.168.4.0 netmask 255.255.255.0 0 0

you would then need to set your access lists ;)

cheers

rob

scoclayton · ‎12-21-2004

Not quite...statics are meant for 1:1 NAT. The deal here is that we need to do 1:many NAT since he has (assuming) several hosts on the inside that need to be NAT'ed to a single address. Here is what you should have:

global (outside) 1 216.82.64.40

global (outside) 2 216.82.64.41

global (outside) 3 216.82.64.42

nat (inside) 1 192.168.2.0 255.255.255.0

nat (inside) 2 192.168.3.0 255.255.255.0

nat (inside) 3 192.168.4.0 255.255.255.0

Hope this helps.

Scott

paddyxdoyle · ‎12-21-2004

Do you want inside netorks going out to the internet to map to different global addresses, or as rob included access to internal networks from the outside.

If you want inside to outside then try:

nat (inside) 1 192.168.2.0 255.255.255.0

nat (inside) 2 192.168.3.0 255.255.255.0

nat (inside) 3 192.168.4.0 255.255.255.0

global (outside) 1 216.82.64.40

global (outside) 2 216.82.64.41

global (outside) 3 216.82.64.42

HTH

PD