Re: PIX NAT static translation question

Nicholas Vigil · ‎08-18-2004

On a PIX running NAT can I have to static mappings which map two seperate outside ip addresses to a single inside ip address? If I do have this already will it cause any conflicts?

nphyldahl · ‎08-18-2004

Hi I'm using policy NAT to a VPN tunnel but is it not depending on ACL.

Policy NAT Examples

http://www.cisco.com/en/US/customer/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801cd841.html#wp1026694

BR.

Niels Peter

waisfaqu · ‎08-23-2004

Hi Nick

If I understand your question correctly you want to translate the same Inside ip into 2 different IPs separately.

say the network is :

=====================

10.1.1.0/24 (inside)--(PIX) (outside) 200.1.1.0/24

you can do this by doing the following

1) say the inside host is 10.1.1.1

2) you want to translate 10.1.1.1 to 200.1.1.2 when it wants to go to x.x.x.x/mask

3) otherwise you want to translate it yo 20.1.1.10

4) To do this you would need to have 6.3(3) or higher and define an ACL as

access-list 101 permit ip host 10.1.1.2 x.x.x.x mask

nat (inside) 200.1.1.2 access-list 101

nat (inside) 1 10.1.1.0 255.255.255.0

global (outside) 1 200.1.1.10

beofre implementing this make sure you do a "clear xlate" on the pix and also send traffic to x.x.x.x from the host. so that the forst tranalation is already built.

You can use static statementa also with ACL from 6.3(3) onwards

For command Reference:

==========================

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#wp1026694

Look for static command

1