Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
391
Views
0
Helpful
1
Replies

Converting PIX NAT to Router NAT

sonjam
Level 1
Level 1

‎06-25-2007 12:22 PM - edited ‎03-11-2019 03:34 AM

I have 2 PIX firewalls that I am removing and replacing with a router (2811) that has 2 FE ports on it. We're trying to merge networks, but still need to route our traffic and do some static NATting. I'm pretty PIX illiterate, but I'll show you the config from the pix and what I'm translating it to on the router.

So, on PIX1 I have NAT statements like (notice the inside,outside).

static (inside,outside) 10.208.47.227 10.12.1.1 netmask 255.255.255.255 0 0

static (inside,outside) 10.208.47.228 10.10.1.128 netmask 255.255.255.255 0 0

static (inside,outside) 10.208.47.229 10.9.88.199 netmask 255.255.255.255 0 0

static (inside,outside) 10.208.47.231 10.10.1.101 netmask 255.255.255.255 0 0

10.208.x.x is "outside or their network"

So, on my router I have this...

interface FastEthernet0/0

description Connection to myNetork

ip address 10.9.232.20 255.255.248.0

ip nat inside

!

interface FastEthernet0/1

description Connection to theirNetwork

ip address 10.208.40.250 255.255.255.128

ip nat outside

ip nat inside source static 10.12.1.1 10.208.47.227

ip nat inside source static 10.10.1.128 10.208.47.228

ip nat inside source static 10.9.88.199 10.208.47.229

ip nat inside source static 10.10.1.101 10.208.47.231

I'm guessing that's right. Here is my question...

I also have this on PIX1 (notice the outside, inside)...

static (outside,inside) 10.9.56.56 10.208.47.243 netmask 255.255.255.255 0 0

static (outside,inside) 10.9.56.55 10.208.44.244 netmask 255.255.255.255 0 0

static (outside,inside) 10.9.136.93 10.208.47.245 netmask 255.255.255.255 0 0

So, do I put the following on the router or do the same as above (notice the ip nat outside)?

ip nat outside source static 10.9.56.56 10.208.47.243

ip nat outside source static 10.9.56.55 10.208.47.244

ip nat outside source static 10.9.136.93 10.208.47.245

Also, on PIX2 I have this and have no freaking clue how to add that to the router (these are both addresses on "their" network)...

static (inside,outside) 10.208.47.243 10.208.45.20 netmask 255.255.255.255 0 0

static (inside,outside) 10.208.47.244 10.208.45.21 netmask 255.255.255.255 0 0

Any help you can offer would be greatly appreciated. Thanks!

Labels:
0 Helpful
1 Reply 1

mmellet
Level 3
Level 3

‎06-29-2007 11:02 AM

Dynamic NAT creates active translation entries in a table when a packet crosses from an IP NAT inside interface to an IP NAT outside interface, or vice versa. This dynamic NAT entry can be seen using the show ip nat translation command. Cisco IOS? software checks for any existing active NAT translations in the translations table when either of the following existing dynamic NAT configurations is removed

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094422.shtml

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card