Static NAT

Unanswered Question
rajbhatt Wed, 08/15/2007 - 22:18


You can use time based access lists for control

but nat cannot be done based on time instead u could try using policy nat if that solves ur purpose using

source and destination address but here time based access lists will not be supported


Jon Marshall Wed, 08/15/2007 - 23:09


As previous poster said you cannot do NAT based on time but it would be relatively easy to write a script that logs onto your firewall, clears the xlate for that static and then sets up a different static translation.


Jon Marshall Thu, 08/16/2007 - 04:44


I will try and dig one out that i did a while back to do a similiar sort of thing.

Couple of questions

1) Are you familiar with Tcl/TK

2) Are you familiar with Perl

Do you have a linux/unix box to run the script from or will it be a windows box.


Jon Marshall Thu, 08/16/2007 - 05:04

Okay, no problem. As it's windows it might take a bit of time to dig out so bear with me.


srue Fri, 08/17/2007 - 19:40

You can install perl on windows (aka activeperl). You will also need the Windows version of the net::telnet & net::telnet::cisco modules. Adjust passwds and IP accordingly. Once you have the script working, just schedule it using windows.


#!/usr/bin/perl -w (adjust this accordingly)

use Net::Telnet::Cisco;

$passwd = 'telnet_passwd';

$enable_passwd = 'enable_passwd';

$pix = '';


my $session = Net::Telnet::Cisco->new(Host => $pix, Timeout => 30);

$session->prompt('/[\$%#>] $/');

$session->login('pix', $passwd);


$session->cmd("conf t\nno static (inside,outside)\nstatic (inside,outside)");



i've never configured a PeRL script to use ssh, but i suppose its possible.


This Discussion