Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
491
Views
4
Helpful
5
Replies

IP shift NATting on ASA/PIX ?

pengfang
Level 1
Level 1

‎04-02-2008 12:08 PM - edited ‎03-11-2019 05:26 AM

Hi, how can I configure one-on-one "IP shift" NATting on PIX/ASA ? For example 202.100.1.16/28 <-> 192.168.2.32/28. So

a.a.a.17 <-> b.b.b.33

...

a.a.a.19 <-> b.b.b.35

...

Can I code like this? I don't have the appliance to verify, anybody can confirm it?

static (inside,outside) 202.100.1.16 192.168.2.32 netmask 255.255.255.240

Thanks in advanced.

Labels:
0 Helpful
5 Replies 5

sundar.palaniappan
Level 10
Level 10

‎04-02-2008 01:16 PM

I am not sure if I understood your requirement correctly. But, if you are just trying to confirm the accuracy of the syntax for static command then it's correct. Inside host 192.168.2.32 would appear as 202.100.1.16 on the outside. Let me know if you have a different requirement.

HTH

Sundar

0 Helpful

pengfang
Level 1
Level 1
In response to sundar.palaniappan

‎04-02-2008 01:38 PM

Hi, thanks for reply. What I want to confirm are:

1. For command "static (inside,outside) 202.100.1.16 192.168.2.32 netmask 255.255.255.240"

Is this a just one-on-one natting or block-on-block natting ? if it's block on block, which ip will be natted to which ip ?

2.For each IP from given public IP pool will be natted to the IP in exactly same position from private pool.

For example, 202.100.1.17 will be natted to 192.168.2.33 and 202.100.1.19 will be natted to 192.168.2.35 not any other addresses in the private pool.

I checked Cisco document, all examples are one-on-one natting, there is no block-to-block .I hope I explained clearly my requirement, thanks again.

0 Helpful

sundar.palaniappan
Level 10
Level 10
In response to pengfang

‎04-02-2008 02:42 PM

""1. For command "static (inside,outside) 202.100.1.16 192.168.2.32 netmask 255.255.255.240"

Is this a just one-on-one natting or block-on-block natting ? if it's block on block, which ip will be natted to which ip ?""

It's for the block of 16 addresses as indicated by your netmask in the static. The response to the second part of the question is the next question.

""2.For each IP from given public IP pool will be natted to the IP in exactly same position from private pool.

For example, 202.100.1.17 will be natted to 192.168.2.33 and 202.100.1.19 will be natted to 192.168.2.35 not any other addresses in the private pool.""

This part I wasn't sure. So, I just tested this in my lab PIX and the translation is not happening in any order and it's all over the place. Hence, you shouldn't count on the same set of inside and outside address to be used every time PIX does the translation.

HTH

Sundar

pengfang
Level 1
Level 1
In response to sundar.palaniappan

‎04-02-2008 04:02 PM

Thanks Sundar.

0 Helpful

sundar.palaniappan
Level 10
Level 10
In response to pengfang

‎04-02-2008 04:23 PM

Glad it helped and thanks for the rating :)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card