IP shift NATting on ASA/PIX ?

Unanswered Question
Apr 2nd, 2008

Hi, how can I configure one-on-one "IP shift" NATting on PIX/ASA? For example, 202.100.1.16/28 <-> 192.168.2.32/28. So

a.a.a.17 <-> b.b.b.33

...

a.a.a.19 <-> b.b.b.35

...


Can I code it like this? I don't have the appliance to verify; can anybody confirm it?


static (inside,outside) 202.100.1.16 192.168.2.32 netmask 255.255.255.240


Thanks in advance.



sundar.palaniappan Wed, 04/02/2008 - 13:16

I am not sure if I understood your requirement correctly. But if you are just trying to confirm the accuracy of the syntax for the static command, then it's correct. Inside host 192.168.2.32 would appear as 202.100.1.16 on the outside. Let me know if you have a different requirement.


HTH


Sundar

pengfang Wed, 04/02/2008 - 13:38

Hi, thanks for the reply. What I want to confirm is:

1. For command "static (inside,outside) 202.100.1.16 192.168.2.32 netmask 255.255.255.240"

Is this just one-on-one natting or block-on-block natting? If it's block-on-block, which IP will be natted to which IP?


2. Each IP from the given public IP pool will be natted to the IP in exactly the same position in the private pool.


For example, 202.100.1.17 will be natted to 192.168.2.33 and 202.100.1.19 will be natted to 192.168.2.35 not any other addresses in the private pool.


I checked the Cisco document; all examples are one-on-one natting, there is no block-to-block. I hope I explained my requirement clearly, thanks again.

sundar.palaniappan Wed, 04/02/2008 - 14:42

""1. For command "static (inside,outside) 202.100.1.16 192.168.2.32 netmask 255.255.255.240"

Is this a just one-on-one natting or block-on-block natting ? if it's block on block, which ip will be natted to which ip ?""


It's for the block of 16 addresses as indicated by your netmask in the static. The response to the second part of the question is the next question.


""2.For each IP from given public IP pool will be natted to the IP in exactly same position from private pool.


For example, 202.100.1.17 will be natted to 192.168.2.33 and 202.100.1.19 will be natted to 192.168.2.35 not any other addresses in the private pool.""


This part I wasn't sure about. So, I just tested this in my lab PIX, and the translation is not happening in any order; it's all over the place. Hence, you shouldn't count on the same set of inside and outside addresses being used every time the PIX does the translation.


HTH


Sundar
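
Whether the translations built by a net static like the one in this thread keep each host's position in the block can be checked from the translation table. The following is an added example, not code from any poster in the thread; it assumes `show xlate` lines of the form `Global <ip> Local <ip>`, and the sample lines are constructed, not captured from a device.

```python
import ipaddress
import re

# Blocks taken from the static command discussed in the thread.
GLOBAL_NET = ipaddress.ip_network("202.100.1.16/28")
LOCAL_NET = ipaddress.ip_network("192.168.2.32/28")

# Assumed line format: "Global <ip> Local <ip>".
XLATE_RE = re.compile(r"Global\s+(\S+)\s+Local\s+(\S+)")

# Constructed sample input, not real device output.
SAMPLE_XLATE = """\
4 in use, 4 most used
Global 202.100.1.17 Local 192.168.2.33
Global 202.100.1.19 Local 192.168.2.35
Global 202.100.1.20 Local 192.168.2.41
Global 202.100.1.30 Local 10.1.1.5
"""


def expected_global(local_ip):
    """Global address at the same offset in its block as local_ip."""
    local = ipaddress.ip_address(local_ip)
    if local not in LOCAL_NET:
        raise ValueError(f"{local} is outside {LOCAL_NET}")
    offset = int(local) - int(LOCAL_NET.network_address)
    return GLOBAL_NET.network_address + offset


def check_xlate(text):
    """Return (global, local, verdict) for every translation line found."""
    results = []
    for line in text.splitlines():
        match = XLATE_RE.search(line)
        if not match:
            continue  # header or unrelated line
        glob, local = match.groups()
        try:
            want = expected_global(local)
        except ValueError:
            verdict = "outside-block"  # not covered by this static
        else:
            same = ipaddress.ip_address(glob) == want
            verdict = "positional" if same else f"shifted (expected {want})"
        results.append((glob, local, verdict))
    return results


if __name__ == "__main__":
    for row in check_xlate(SAMPLE_XLATE):
        print(*row, sep="\t")
```
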


