Identity NAT on PIX -- help needed

Dec 8th, 2007

I have read through the documents on Identity NAT, but a few things are not clear to me. Consider the following network setup and requirement.


PC1 ----[Inside]-PIX--[Dmz]---PC2


PC1 - 10.1.1.1

Inside - 10.1.1.2

DMZ - 10.2.2.1

PC2 -- 10.2.2.2


Requirement

PC2 has to retain the same IP address when it is communicating with inside network.


So I configured the following NAT

Static (dmz, inside) 10.2.2.2 10.2.2.2 netmask 255.255.255.255


However, when I configure the following statements, the traffic flows as expected


Static ( inside, dmz) 10.2.2.2 10.2.2.2

Static ( inside,dmz) 10.1.1.1 10.1.1.1

Static (dmz,inside) 10.1.1.1 10.1.1.1


Question

Can someone explain the identity NAT concept in the above scenario and the correct configuration statement?


Thanks in advance for your time

Padmanabhan


srue Sat, 12/08/2007 - 20:32

Can you first answer a couple of questions about your setup, please?

1. What version of PIX OS?

2. If the version is 7.x or later, is nat-control enabled?

3. What is the security-level of the dmz interface?

padramas Sat, 12/08/2007 - 20:39

1- 7.2.2

2- Nat control is enabled

3- Inside 100, DMZ 50


Please let me know if you need any further information or not.

