08-18-2004 09:30 AM
On a PIX running NAT can I have to static mappings which map two seperate outside ip addresses to a single inside ip address? If I do have this already will it cause any conflicts?
08-18-2004 10:40 AM
Hi I'm using policy NAT to a VPN tunnel but is it not depending on ACL.
Policy NAT Examples
BR.
Niels Peter
08-23-2004 02:46 AM
Hi Nick
If I understand your question correctly you want to translate the same Inside ip into 2 different IPs separately.
say the network is :
=====================
10.1.1.0/24 (inside)--(PIX) (outside) 200.1.1.0/24
you can do this by doing the following
1) say the inside host is 10.1.1.1
2) you want to translate 10.1.1.1 to 200.1.1.2 when it wants to go to x.x.x.x/mask
3) otherwise you want to translate it yo 20.1.1.10
4) To do this you would need to have 6.3(3) or higher and define an ACL as
access-list 101 permit ip host 10.1.1.2 x.x.x.x mask
nat (inside) 200.1.1.2 access-list 101
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 200.1.1.10
beofre implementing this make sure you do a "clear xlate" on the pix and also send traffic to x.x.x.x from the host. so that the forst tranalation is already built.
You can use static statementa also with ACL from 6.3(3) onwards
For command Reference:
==========================
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#wp1026694
Look for static command
1
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide