Some NAT questions PIX/ASA

Unanswered Question
Jan 10th, 2008
User Badges:

Hi,


I want to NAT an inside local subnet (172.1.0.0) to inside global (172.2.0.0) when going to 10.1.0.0 but I need the hosts to keep the same address after translation...how would I accomplish this?


global (inside) 8 172.2.0.0-172.2.255.255 netmask 255.255.0.0


nat (inside) 8 access-list nat1


access-list nat1 permit ip 172.1.0.0 255.255.0.0 10.1.0.0 255.255.0.0


I'm not sure how to keep the same host address.


Also, would this work for incoming traffic translations also, or is this just for outgoing traffic?


Any help would be much appreciated!!


Thanks,

J


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
srue Thu, 01/10/2008 - 07:11
User Badges:
  • Blue, 1500 points or more

change "global (inside) 8..." to "global (outside) 8..."


everything else looks good. however, this is only for outgoing NAT. This won't allow incoming connections (aside from return traffic).

jigsaw2026 Fri, 01/11/2008 - 04:11
User Badges:

Hi,


Thank you for getting back to me. Actually I finally figured that what I needed was a static entry with an ACL, as this also works for incoming translations (and keeps host address the same).


Cheers,

J

Actions

This Discussion