PIX NAT/PAT question?

Feb 21st, 2007

On a PIX firewall is it possible to NAT the source addresses of an outside network to a single inside address therefore representing each outside address with PAT?

For example, if the outside network is defined as 192.168.1.0/24 and the inside address to represent the outside network is defined as 192.168.2.1/32, what would be the necessary config to allow the outside addresses to be represented as 192.168.2.1 using PAT?

I suppose I'm trying to configure PAT in reverse to how it would normally be used (i.e. using a single global address to represent many inside addresses)!

Any advice appreciated

Thanks

mrmozaffari Wed, 02/21/2007 - 23:28

Hi

It can be possible, just try that; I'm not sure.

Global (inside) 1 192.168.2.1 netmask 255.255.255.0

Nat (outside) 1 192.168.1.0 255.255.255.0

Then you need to define an access-list to permit this IP address to see inside.

Hope this is helpful.

hoogen_82 Wed, 02/21/2007 - 23:51

I think you're trying to configure destination based. You need to do it this way: reverse the static nat statements

static(outside,inside) 192.168.2.1 192.168.1.0 netmask 255.255.255.0

Do remember to configure the appropriate access-list.

HTH

Hoogen

Do rate if this helps :)

CSCO10576352 Thu, 02/22/2007 - 00:01

Hi, thanks for the reply. I have just tried it that way but I get an overlapping address space error from the PIX when I try to enter the command.

CSCO10576352 Thu, 02/22/2007 - 00:13

Yes, I have tried it mapping host to host with a separate static entry for each address translation and this works fine, but the reason I'm trying to do it using PAT is to save on available inside IP address space.

Regards

CSCO10576352 Mon, 02/26/2007 - 09:11

Thanks for the replies. I eventually managed to get this working; I was missing the outside keyword off the end of the nat statement to enable outside NAT. For info, the working config is:

nat (outside) 1 192.168.1.0 255.255.255.0 outside

global (inside) 1 192.168.2.1 netmask 255.255.255.255
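
Added example, not part of the thread and not Cisco code: a simplified Python model of the outside PAT in the working config above, showing that inside hosts and their logs see every 192.168.1.0/24 source as 192.168.2.1, so attributing a connection to the real outside host requires the translation table. The class name, the sequential port allocation starting at 1024 and the sample flows are assumptions made for illustration.

```python
import ipaddress

# Values taken from the thread's working config.
OUTSIDE_NET = ipaddress.ip_network("192.168.1.0/24")  # nat (outside) 1 ... outside
PAT_ADDRESS = ipaddress.ip_address("192.168.2.1")     # global (inside) 1 ...


class OutsidePat:
    """Simplified outside-PAT model; sequential port allocation is an assumption."""

    def __init__(self, first_port=1024, last_port=65535):
        self._next = first_port
        self._last = last_port
        self._by_real = {}    # (real_ip, real_port) -> mapped_port
        self._by_mapped = {}  # mapped_port -> (real_ip, real_port)

    def translate(self, src_ip, src_port):
        """Return the (address, port) an inside host sees for an outside source."""
        ip = ipaddress.ip_address(src_ip)
        if ip not in OUTSIDE_NET:
            return (str(ip), src_port)  # no nat rule matches: left untranslated
        key = (str(ip), src_port)
        if key not in self._by_real:
            if self._next > self._last:
                raise RuntimeError("PAT port pool exhausted")
            self._by_real[key] = self._next
            self._by_mapped[self._next] = key
            self._next += 1
        return (str(PAT_ADDRESS), self._by_real[key])

    def untranslate(self, mapped_port):
        """Map a port seen in inside-side logs back to the real outside source."""
        return self._by_mapped.get(mapped_port)


def demo():
    pat = OutsidePat()
    # Constructed sample flows (not from the thread).
    flows = [("192.168.1.10", 40000), ("192.168.1.20", 40000), ("10.0.0.5", 40000)]
    return pat, [pat.translate(ip, port) for ip, port in flows]


if __name__ == "__main__":
    pat, seen = demo()
    for addr, port in seen:
        print(addr, port, "real source:", pat.untranslate(port))
```
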
