Policy Nat

Unanswered Question
Feb 21st, 2008

I am wondering if the configuration below is possible. Suppose HostA behind the PixA firewall wants to communicate with HostB behind PixB: the source IP (192.168.1.2) should be NATted to 172.16.1.2; however, if it needs to connect to the internet it can go as 192.168.1.2. This should be true on HostB also. Is it possible to accomplish this with policy NAT, without having to use the static command?


Any help will be greatly appreciated


(192.168.1.2) should be Natted to 172.16.1.2


This should work. Try this on A:


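! Match only HostA talking to HostB
access-list pnat extended permit ip host 192.168.1.2 host 192.168.2.2
! Policy static: translate to 172.16.1.2 only for traffic matching pnat
static (inside,outside) 172.16.1.2 access-list pnat
! Everything else from the inside network is PATed to the outside interface
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface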


This is all assuming that you have the routing set up correctly to route the 172.16.1.0/24 addresses.
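The translation choice this configuration makes can be checked off-box with a small model. This is an added example, not part of the original reply or any Cisco tooling: it uses the 172.16.1.2 mapped address from the question, assumes 203.0.113.1 as the outside interface address, and the function names are hypothetical.

```python
import ipaddress

# Rules from the thread's PIX A configuration, expressed as data.
PNAT_ACL = [("192.168.1.2/32", "192.168.2.2/32")]  # access-list pnat (src, dst)
MAPPED_IP = "172.16.1.2"        # policy static mapped address (from the question)
NAT_ID_1 = "192.168.1.0/24"     # nat (inside) 1
OUTSIDE_IF_IP = "203.0.113.1"   # assumed address behind "global (outside) 1 interface"


def acl_permits(src, dst):
    """True if (src, dst) matches a permit entry of access-list pnat."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(a) and d in ipaddress.ip_network(b)
               for a, b in PNAT_ACL)


def translate_outbound(src, dst):
    """Source address an inside->outside packet leaves with, plus the rule used."""
    if acl_permits(src, dst):                       # policy static is checked first
        return MAPPED_IP, "policy-static"
    if ipaddress.ip_address(src) in ipaddress.ip_network(NAT_ID_1):
        return OUTSIDE_IF_IP, "dynamic-pat"         # nat/global pair, PAT to interface
    return None, "no-rule"                          # nothing in this config applies


def untranslate_inbound(src, dst):
    """Real inside address for an outside->inside packet, or None if no xlate."""
    if dst != MAPPED_IP:
        return None
    # The static works in both directions, but only for peers the ACL names.
    # Simplification: ACL sources are treated as host entries, as in the thread.
    for real_src, _ in PNAT_ACL:
        real = str(ipaddress.ip_network(real_src).network_address)
        if acl_permits(real, src):
            return real
    return None


if __name__ == "__main__":
    for s, d in [("192.168.1.2", "192.168.2.2"),   # HostA -> HostB
                 ("192.168.1.2", "198.51.100.7"),  # HostA -> internet (constructed)
                 ("192.168.1.9", "192.168.2.2")]:  # other inside host -> HostB
        print(s, "->", d, translate_outbound(s, d))
    print(untranslate_inbound("192.168.2.2", "172.16.1.2"))
```

Only the HostA-to-HostB flow gets the 172.16.1.2 address; other inside hosts reaching HostB, and HostA reaching anything else, fall through to the interface PAT.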


