Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
490
Views
0
Helpful
4
Replies

NAT with different Subnets

rsinghnyc
Level 1
Level 1

‎11-29-2007 10:42 AM - edited ‎03-11-2019 04:37 AM

We have a hub and spoke architecture:

HQ - PIX515, Cisco 3662 Router

Location1 - Cisco 1600 Router

Location2 - Cisco 1600 Router

Location3 - Cisco 1600 Router

Location4 - Cisco 1600 Router

Each location is connect to HQ via a Point-to-Point Full T1.

Each location is on a diffent subnet (e.g. 10.100.X.X - HQ, 10.1.X.X - Loc1, 10.2.X.X - Loc2, etc.)

We have a Security Camera Workstation at each location, that we would like to be able to access from the outside via http.

I have setup a public IP for the HQ site, and can access HQ's security cameras from the outside.

I would like to be able to access the other workstations from the outside via public IP's, as well. How can I accomplish that? How would I NAT across different subnets?

Labels:
0 Helpful
4 Replies 4

Jon Marshall
Hall of Fame
Hall of Fame

‎11-30-2007 03:21 AM

Hi

1) Does the Internet only come into the HQ site

2) Where is the pix in relation to the 3662 router ie. where does the Internet connect and where do the 1600's connect

3) Where are you doing the HQ NAT

4) What is the version of Pix code.

Apologies for all the questions but we need to know more before we can answer the question.

Jon

0 Helpful

rsinghnyc
Level 1
Level 1
In response to Jon Marshall

‎11-30-2007 03:59 AM

Jon,

In answer to your questions:

1) Yes

2) Internet->PIX->3662->1600's

3) On the PIX

4) 6.3(5)

Would this suffice on the PIX:

static (inside,outside) 12.34.56.7 10.100.2.2 netmask 255.255.255.255

static (inside,outside) 12.34.56.8 10.1.1.12 netmask 255.255.255.255

static (inside,outside) 12.34.56.9 10.2.2.11 netmask 255.255.255.255

static (inside,outside) 12.34.56.10 10.3.3.33 netmask 255.255.255.255

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to rsinghnyc

‎11-30-2007 07:38 AM

Hi

Yes, this should work fine. The key thing i was worried about was that you might be trying to send traffic back out the same interface it came in on with the pix and with pix v6.3 you can't do this.

But your setup should work fine. As long as the spoke sites use default routing to get back to the HQ 3662.

Jon

0 Helpful

andyjames
Level 1
Level 1

‎11-30-2007 04:07 AM

Hello,

I have natted through for remote subnets before on a router but not with a PIX involved.

I am guessing it would be the same though. Choose a different port number for each site and it should work the same as the setup you have for the HQ now.

HTH.

Andy.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card