I need some help figuring out the best way to set up a NAT on an existing setup that I inherited. I'm using a PIX 515E, Cisco PIX Security Appliance Software Version 7.1(2). Here is the config for the internal and external interfaces:
ip address 209.x.x.242 255.255.255.248
ip address 66.x.x.1 255.255.255.0
As you can see, I have 2 public IP ranges on the interfaces. From what I've read, a traditional NAT would have a public IP range on the external, and an internal IP range (i.e., 10.10.10.0/24) on the internal. I do not want to change the interfaces.
We do not use the 220.127.116.11/29 to assign to any machines inside of our network; we use the 18.104.22.168/24. What I need to do is use a 10.10.10.0/24 network as my internal network, and NAT that through the 22.214.171.124/24 network. Another variable to throw into this equation is that I need a number of hosts inside the network to have external access (I'm assuming a static NAT rule to map 126.96.36.199 -> 10.10.10.124, for example) such as web servers, and the rest of the hosts can overload to a single IP (188.8.131.52) such as workstations that do not need public access.
What is the best way to achieve this setup?