Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
397
Views
5
Helpful
3
Replies

Policy Nat

ciscosom
Level 1
Level 1

‎02-21-2008 10:33 AM - edited ‎03-11-2019 05:06 AM

I am wondering if below configuration is possible , Supposing hostA is behind pixA firewall wants to communicate to HostB behind Pix B , source IP (192.168.1.2) should be Natted to 172.16.1.2 ,however if it needs to connect to internet it can go as (192.168.1.2).This should be true on Host B also ,Is it possible to accomplish by policy Nat and without having to use static command .

Any help will be greatly appreciated

Labels:
0 Helpful
3 Replies 3

ciscosom
Level 1
Level 1

‎02-21-2008 10:36 AM

Let me know if this is possible

Preview file
14 KB
0 Helpful

jwalker
Level 3
Level 3
In response to ciscosom

‎02-21-2008 11:14 AM

(192.168.1.2) should be Natted to 172.16.1.2

This should work.. Try this on A...

access-list pnat extended permit ip host 192.168.1.2 host 192.168.2.2

static (inside,outside) 172.16.1.1 access-list pnat

nat (inside) 1 192.168.1.0 255.255.255.0

global (outside) 1 interface

This is all assuming that you have the routing setup correctly to route the 172.16.1.0/24 addresses.

ciscosom
Level 1
Level 1
In response to jwalker

‎02-21-2008 11:41 AM

Thanks a ton , this is what i was looking for .

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card