nat'ing

Nov 4th, 2008

I have a PIX 506E in front of my network. I have several servers in my network, but there are 6 servers that I am concerned about.

Is it possible in the PIX to put those 6 internal IPs in a group and have that group use NATing through 1 IP address?

dhananjoy chowdhury Tue, 11/04/2008 - 09:52

Use policy NAT if you want the servers to go to the Internet with public IP A.B.C.D.

Then, if your servers are 10.0.0.101 to 106:


access-list 101 permit tcp host 10.0.0.101 any eq 80

............

............

access-list 101 permit tcp host 10.0.0.106 any eq 80



static(Inside,Outside) A.B.C.D access-list 101



Also, you can create an object-group for the internal server IPs and use it in the ACL.

Hope this helps
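
The object-group suggestion above, written out as an added example that is not part of the original posts. It uses the dynamic form of policy NAT (nat/global tied to an access list) rather than the static form shown in the reply, and assumes PIX OS 6.3(2) or later; the group name NAT_SERVERS and NAT ID 2 are hypothetical, and A.B.C.D is the placeholder from the thread.

```text
! Added example, not from the thread. NAT_SERVERS and NAT ID 2 are hypothetical.
! Group the six inside servers (10.0.0.101 to 10.0.0.106, as in the reply above).
object-group network NAT_SERVERS
  network-object host 10.0.0.101
  network-object host 10.0.0.102
  network-object host 10.0.0.103
  network-object host 10.0.0.104
  network-object host 10.0.0.105
  network-object host 10.0.0.106

! One ACL line replaces the six per-host entries.
access-list 101 permit tcp object-group NAT_SERVERS any eq 80

! Traffic matching ACL 101 is translated to the single address A.B.C.D.
nat (inside) 2 access-list 101
global (outside) 2 A.B.C.D
```

After applying NAT changes, `clear xlate` drops stale translations and `show xlate` confirms that the six hosts are translated to the one address.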

suschoud Tue, 11/04/2008 - 09:54

Here you go:



Security506E-6.x(config)# nat (inside) 1 1.1.1.1 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.2 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.3 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.4 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.5 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.6 255.255.255.255

Security506E-6.x(config)# global (outside) 1 inter




1.1.1.1 through 1.1.1.6 will use the outside interface IP for NATing.




Do rate if helpful.



Regards,

Sushil

Danny Guillory Jr Tue, 11/04/2008 - 09:58

OK, right now my PIX does NOT do any NATing at all. All my servers have a manual IP address mapped to an external IP... so I do not think this is complete... just looks like something is missing.


Security506E-6.x(config)# nat (inside) 1 1.1.1.1 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.2 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.3 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.4 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.5 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.6 255.255.255.255

Security506E-6.x(config)# global (outside) 1 inter




1.1.1.1 through 1.1.1.6 will use the outside interface IP for NATing.

