07-23-2007 06:40 AM - edited 03-11-2019 03:48 AM
Is the following OK? I am unsure if I can NAT my 47.15 address to 3.21 with the interface already having a NAT that appears to be for all traffic going over the interface. Any guidance on this would be great.
global (outside_datae) 1 192.168.1.25
global (outside_datap) 2 192.168.3.25
global (outside_datap) 3 192.168.3.21
nat (inside) 1 access-list datae
nat (inside) 2 access-list datap
nat (inside) 3 192.168.47.15
access-group data_e in interface outside_datae
access-group data_p in interface outside_datap
07-23-2007 07:09 AM
Assuming 192.168.47.15 is a single host address and not a network address, it's better to use the static command.
static (inside,outside_datap) 192.168.3.21 192.168.47.15
This also depends on what you're trying to accomplish. The way you have it, it's actually set up for PAT (aka NAT overloading) and not a true 1:1 static NAT. If you want inbound connections to be allowed to 192.168.47.15, you should use the static command.
Depending on what ACLs datae and datap look like, the nat 3 statement may never take effect.
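Added example, not part of the original posts: a small Python model of how the source translation is chosen for inside-to-outside_datap traffic, showing when the nat 3 statement is shadowed by nat 2 and how the static changes that. It assumes the matching order Cisco documents for PIX/ASA 7.x (static first, then policy NAT in order, then regular NAT by best match); the ACL contents, the destination address and the function names are constructed, since the thread never shows access-list datap.

```python
import ipaddress

GLOBALS = {2: "192.168.3.25", 3: "192.168.3.21"}   # global (outside_datap) 2 / 3
REGULAR_NAT = {3: "192.168.47.15/32"}               # nat (inside) 3 192.168.47.15

def contains(net, addr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def translate(src, dst, datap_acl, static=None):
    """Pick the source translation for inside -> outside_datap traffic.

    datap_acl: list of (source net, destination net) permits, a constructed
               stand-in for access-list datap, which the thread never shows.
    static:    optional (real, mapped) pair for a static (inside,outside_datap).
    """
    # 1. Static NAT is checked before any dynamic rule.
    if static and src == static[0]:
        return "static", static[1]
    # 2. Policy dynamic NAT: nat (inside) 2 access-list datap, first match.
    for s, d in datap_acl:
        if contains(s, src) and contains(d, dst):
            return "nat 2", GLOBALS[2]
    # 3. Regular dynamic NAT: best (longest-prefix) match on the real address.
    hits = [(ipaddress.ip_network(n).prefixlen, i)
            for i, n in REGULAR_NAT.items() if contains(n, src)]
    if hits:
        nat_id = max(hits)[1]
        return f"nat {nat_id}", GLOBALS[nat_id]
    return "none", src

# Constructed ACL contents and destination, for illustration only.
BROAD = [("192.168.47.0/24", "0.0.0.0/0")]        # datap permits the whole subnet to any
NARROW = [("192.168.47.0/24", "10.20.0.0/16")]    # datap permits only one remote network
HOST, DST = "192.168.47.15", "172.16.9.9"

if __name__ == "__main__":
    print(translate(HOST, DST, BROAD))    # datap matches first, nat 3 is never reached
    print(translate(HOST, DST, NARROW))   # datap does not match, nat 3 applies
    print(translate(HOST, DST, BROAD, static=(HOST, "192.168.3.21")))  # static wins
```

With the broad ACL the host leaves as 192.168.3.25 even though nat 3 is configured, which is the shadowing case described above.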
07-23-2007 07:18 AM
The more specific one wins!!
Gilbert
07-23-2007 07:39 AM
I am trying to make it so that only the data going from my internal 47.15 gets NAT'd to 3.21 and info going to all other locations continues as was stated before. The firewall is currently working in the environment as:
global (outside_datae) 1 192.168.1.25
global (outside_datap) 2 192.168.3.25
nat (inside) 1 access-list datae
nat (inside) 2 access-list datap
access-group data_e in interface outside_datae
access-group data_p in interface outside_datap
I have added the entries in my first post to get access to a different location on the outside, but have a specific translation on that address. The first post I made has the changes I added and I was just wondering about the implications of my changes. Hopefully they don't break what was already there.
07-26-2007 07:38 AM
According to your configuration, you have access-lists called "datae" and "data_e", and "datap" and "data_p".
The access-list with "_" is applied to the interface.
The access-list without "_" is applied to the nat statements.
Let me know if there is anything you would need help with in this issue.