Identity NAT on PIX -- help needed

padramas
Cisco Employee

I have read through the documents on Identity NAT but a few things are not clear to me. Consider the following network setup and the requirement.

PC1 ----[Inside]-PIX--[Dmz]---PC2

PC1 - 10.1.1.1

Inside - 10.1.1.2

DMZ - 10.2.2.1

PC2 -- 10.2.2.2

Requirement

PC2 has to retain the same IP address when it is communicating with inside network.

So I configured the following NAT:

Static (dmz, inside) 10.2.2.2 10.2.2.2 netmask 255.255.255.255

However, when I configure the following statements, the traffic flows as expected:

Static ( inside, dmz) 10.2.2.2 10.2.2.2

Static ( inside,dmz) 10.1.1.1 10.1.1.1

Static (dmz,inside) 10.1.1.1 10.1.1.1

Question

Can someone explain the identity NAT concept in the above scenario and the correct configuration statement?

Thanks in advance for your time

Padmanabhan

3 Replies

srue
Level 7

Can you first answer a couple of questions about your setup, please?

1. What version of PIX OS?

2. If the version is 7.x or later, is nat-control enabled?

3. What is the security-level of the dmz interface?

padramas
Cisco Employee

1- 7.2.2

2- Nat control is enabled

3- Inside 100, DMZ 50

Please let me know if you need any further information or not.

You don't need:

Static (dmz,inside) 10.1.1.1 10.1.1.1

Static ( inside, dmz) 10.2.2.2 10.2.2.2

Identity NAT is when you NAT something to itself.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1043458
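An added example, not part of any post in this thread: a small Python audit of the four static statements quoted above, using the PIX 7.x form `static (real_ifc,mapped_ifc) mapped_ip real_ip`. It flags statements whose real address does not sit on the network behind the named real interface. The /24 interface masks and the function names are assumptions, since the thread gives only host addresses.

```python
import ipaddress
import re

# Interface networks taken from the thread's addressing; the /24 masks are an assumption.
INTERFACES = {
    "inside": ipaddress.ip_network("10.1.1.0/24"),
    "dmz": ipaddress.ip_network("10.2.2.0/24"),
}

# PIX 7.x syntax: static (real_ifc,mapped_ifc) mapped_ip real_ip [netmask mask]
STATIC_RE = re.compile(
    r"^\s*static\s*\(\s*(\w+)\s*,\s*(\w+)\s*\)\s+(\S+)\s+(\S+)(?:\s+netmask\s+\S+)?\s*$",
    re.IGNORECASE,
)

# The four statements quoted in the thread, copied as posted.
THREAD_STATICS = [
    "Static (dmz, inside) 10.2.2.2 10.2.2.2 netmask 255.255.255.255",
    "Static ( inside, dmz) 10.2.2.2 10.2.2.2",
    "Static ( inside,dmz) 10.1.1.1 10.1.1.1",
    "Static (dmz,inside) 10.1.1.1 10.1.1.1",
]


def classify(line, interfaces=INTERFACES):
    """Classify one static statement against the known interface networks."""
    m = STATIC_RE.match(line)
    if not m:
        return "unparsed"
    real_ifc, _mapped_ifc, mapped_ip, real_ip = m.groups()
    try:
        mapped, real = ipaddress.ip_address(mapped_ip), ipaddress.ip_address(real_ip)
    except ValueError:
        return "unparsed"  # keyword or named operands are out of scope here
    net = interfaces.get(real_ifc.lower())
    if net is None:
        return "unknown-interface"
    if real not in net:
        # The host being translated does not live behind the stated real interface.
        return "real-address-not-behind-real-interface"
    return "identity-nat" if mapped == real else "translating-static"


def audit(lines, interfaces=INTERFACES):
    """Return (statement, verdict) pairs for a list of static lines."""
    return [(line.strip(), classify(line, interfaces)) for line in lines]


if __name__ == "__main__":
    for line, verdict in audit(THREAD_STATICS):
        print(f"{verdict:40} {line}")
```

Under the assumed masks, the two statements it flags are the same two the reply above lists as not needed.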
