Converting PIX NAT to Router NAT

Jun 25th, 2007

I have 2 PIX firewalls that I am removing and replacing with a router (2811) that has 2 FE ports on it. We're trying to merge networks, but still need to route our traffic and do some static NATting. I'm pretty PIX illiterate, but I'll show you the config from the PIX and what I'm translating it to on the router.


So, on PIX1 I have NAT statements like (notice the inside,outside).


static (inside,outside) 10.208.47.227 10.12.1.1 netmask 255.255.255.255 0 0
static (inside,outside) 10.208.47.228 10.10.1.128 netmask 255.255.255.255 0 0
static (inside,outside) 10.208.47.229 10.9.88.199 netmask 255.255.255.255 0 0
static (inside,outside) 10.208.47.231 10.10.1.101 netmask 255.255.255.255 0 0


10.208.x.x is "outside or their network"


So, on my router I have this...


interface FastEthernet0/0
 description Connection to myNetork
 ip address 10.9.232.20 255.255.248.0
 ip nat inside
!
interface FastEthernet0/1
 description Connection to theirNetwork
 ip address 10.208.40.250 255.255.255.128
 ip nat outside

ip nat inside source static 10.12.1.1 10.208.47.227
ip nat inside source static 10.10.1.128 10.208.47.228
ip nat inside source static 10.9.88.199 10.208.47.229
ip nat inside source static 10.10.1.101 10.208.47.231


I'm guessing that's right. Here is my question...


I also have this on PIX1 (notice the outside, inside)...


static (outside,inside) 10.9.56.56 10.208.47.243 netmask 255.255.255.255 0 0
static (outside,inside) 10.9.56.55 10.208.44.244 netmask 255.255.255.255 0 0
static (outside,inside) 10.9.136.93 10.208.47.245 netmask 255.255.255.255 0 0


So, do I put the following on the router or do the same as above (notice the ip nat outside)?


ip nat outside source static 10.9.56.56 10.208.47.243
ip nat outside source static 10.9.56.55 10.208.47.244
ip nat outside source static 10.9.136.93 10.208.47.245


Also, on PIX2 I have this and have no freaking clue how to add that to the router (these are both addresses on "their" network)...


static (inside,outside) 10.208.47.243 10.208.45.20 netmask 255.255.255.255 0 0
static (inside,outside) 10.208.47.244 10.208.45.21 netmask 255.255.255.255 0 0


Any help you can offer would be greatly appreciated. Thanks!
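
An added example, not part of the original post or of any Cisco tooling: a small Python translator for the PIX host statics quoted above. It emits the IOS form with the real address first (inside local, or outside global), then the mapped address, and it flags any address that is the mapped side of one static and the real side of another. It assumes the PIX interface names map directly onto the router's `ip nat inside` / `ip nat outside` interfaces, which the post says is not true for the PIX2 entries, so those lines need manual review.

```python
import ipaddress
import re

# PIX 6.x host static: static (real_if,mapped_if) mapped_ip real_ip netmask mask ...
STATIC_RE = re.compile(
    r"^static\s+\((\w+),(\w+)\)\s+(\S+)\s+(\S+)\s+netmask\s+(\S+)")

def parse_static(line):
    """Return (real_if, mapped_if, mapped_ip, real_ip) for one PIX host static."""
    m = STATIC_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a PIX static statement: {line!r}")
    real_if, mapped_if, mapped_ip, real_ip, mask = m.groups()
    if mask != "255.255.255.255":
        raise ValueError(f"only /32 host statics are handled: {line!r}")
    for addr in (mapped_ip, real_ip):
        ipaddress.IPv4Address(addr)  # raises ValueError on a malformed address
    return real_if, mapped_if, mapped_ip, real_ip

def to_ios(line):
    """Translate one PIX host static into an IOS static NAT statement."""
    real_if, mapped_if, mapped_ip, real_ip = parse_static(line)
    if (real_if, mapped_if) == ("inside", "outside"):
        # IOS order: inside local (real), then inside global (mapped)
        return f"ip nat inside source static {real_ip} {mapped_ip}"
    if (real_if, mapped_if) == ("outside", "inside"):
        # IOS order: outside global (real), then outside local (mapped)
        return f"ip nat outside source static {real_ip} {mapped_ip}"
    raise ValueError(f"unexpected interface pair: {line!r}")

def chained_addresses(lines):
    """Addresses mapped by one static and real in another (translated twice)."""
    parsed = [parse_static(entry) for entry in lines]
    mapped = {p[2] for p in parsed}
    real = {p[3] for p in parsed}
    return sorted(mapped & real)

# Statements copied from the post: two from PIX1, one from PIX2
PIX_LINES = [
    "static (inside,outside) 10.208.47.227 10.12.1.1 netmask 255.255.255.255 0 0",
    "static (outside,inside) 10.9.56.56 10.208.47.243 netmask 255.255.255.255 0 0",
    "static (inside,outside) 10.208.47.243 10.208.45.20 netmask 255.255.255.255 0 0",
]

if __name__ == "__main__":
    for pix in PIX_LINES:
        print(to_ios(pix))
    print("review (translated twice):", chained_addresses(PIX_LINES))
```

For `ip nat outside source static`, the router also needs a route that sends the outside local address toward the outside interface; the `add-route` keyword on that command installs one.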

mmellet Fri, 06/29/2007 - 11:02

Dynamic NAT creates active translation entries in a table when a packet crosses from an IP NAT inside interface to an IP NAT outside interface, or vice versa. This dynamic NAT entry can be seen using the show ip nat translation command. Cisco IOS® software checks for any existing active NAT translations in the translations table when either of the following existing dynamic NAT configurations is removed

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094422.shtml
