Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
409
Views
0
Helpful
7
Replies

PIX NAT/PAT question ?

CSCO10576352
Level 1
Level 1

‎02-21-2007 01:58 PM

On a PIX firewall is it possible to NAT the source addresses of an outside network to a single inside address therefore representing each outside address with PAT?

For example if the outside network is defined as 192.168.1.0/24 and the inside address to represent the outside network is defined as 192.168.2.1/32. What would be the necessary config to allow the outside addresses to be represented as 192.168.2.1 using PAT.

I suppose im trying to configure PAT in reverse to how it would normally be used (i.e using a single global address to represent many inside addresses)!

Any advice appreciated

Thanks

Labels:
0 Helpful
7 Replies 7

mrmozaffari
Level 1
Level 1

‎02-21-2007 11:28 PM

Hi

It can be possible just try that im not sure.

Global (inside) 1 192.168.2.1 netmask 255.255.255.0

Nat (outside) 1 192.168.1.0 255.255.255.0

Then you need to deifne access-list to permit this ip address sees inside.

Hope to Helpful.

0 Helpful

hoogen_82
Level 4
Level 4

‎02-21-2007 11:51 PM

I think your trying to configure destination based. You need to do it this way reverse the static nat statements

static(outside,inside) 192.168.2.1 192.168.1.0 netmask 255.255.255.0

Do remember to configure the appropriate access-list.

HTH

Hoogen

Do rate if this helps :)

0 Helpful

CSCO10576352
Level 1
Level 1
In response to hoogen_82

‎02-22-2007 12:01 AM

Hi, thanks for the reply, i have just tried it that way but I get an overlaping address space error from the pix when i try to enter the command.

0 Helpful

hoogen_82
Level 4
Level 4
In response to CSCO10576352

‎02-22-2007 12:05 AM

Did you try mapping host to host?

Hoogen

0 Helpful

CSCO10576352
Level 1
Level 1
In response to hoogen_82

‎02-22-2007 12:13 AM

Yes I have tried it mapping host to host with a seperate static entry for each address translation and this works fine but the reason im trying to do it using PAT is to save on available inside IP address space.

Regards

0 Helpful

mrmozaffari
Level 1
Level 1
In response to CSCO10576352

‎02-22-2007 02:05 AM

Hi again

Could you send your config ?

0 Helpful

CSCO10576352
Level 1
Level 1

‎02-26-2007 09:11 AM

Thanks for the replies. I eventually managed to get this working, I was missing the outside keyword off the end of the nat statement to enable outside nat. For info, the working config is:

nat(outside) 1 192.168.0 255.255.255.0 outside

global(inside) 1 192.168.2.1 netmask 255.255.255.255

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents