12-08-2007 08:24 PM - edited 03-11-2019 04:41 AM
I have read through the documents on Identity NAT, but a few things are not clear to me. Consider the following network setup and the requirement.
PC1 ----[Inside]-PIX--[Dmz]---PC2
PC1 - 10.1.1.1
Inside - 10.1.1.2
DMZ - 10.2.2.1
PC2 -- 10.2.2.2
Requirement
PC2 has to retain the same IP address when it is communicating with inside network.
So I configured the following NAT:
static (dmz,inside) 10.2.2.2 10.2.2.2 netmask 255.255.255.255
However, when I configure the following statements, the traffic flows as expected:
static (inside,dmz) 10.2.2.2 10.2.2.2
static (inside,dmz) 10.1.1.1 10.1.1.1
static (dmz,inside) 10.1.1.1 10.1.1.1
Question
Can someone explain the identity NAT concept in the above scenario and the correct configuration statement?
Thanks in advance for your time
Padmanabhan
12-08-2007 08:32 PM
Can you first answer a couple of questions about your setup, please?
1. What version of PIX OS?
2. If the version is 7.x or later, is nat-control enabled?
3. What is the security-level of the dmz interface?
12-08-2007 08:39 PM
1- 7.2.2
2- Nat control is enabled
3- Inside 100, DMZ 50
Please let me know if you need any further information or not.
12-08-2007 09:13 PM
You don't need:
static (dmz,inside) 10.1.1.1 10.1.1.1
static (inside,dmz) 10.2.2.2 10.2.2.2
Identity NAT is when you NAT something to itself.
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1043458