nat'ing

Unanswered Question
Nov 4th, 2008

i have a pix 506e in front of my network i have several servers in my network, but there are 6 servers that i am concerned about.

is it possable in the pix to put those 6 internal ips in a group and have that group use nating through 1 IP address?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
dhananjoy chowdhury Tue, 11/04/2008 - 09:52

Use policy NAT if you want the servers to go to the Internet with Public IP A.B.C.D,

then if your servers are 10.0.0.101 till 106

access-list 101 permit tcp host 10.0.0.101 any eq 80

............

............

access-list 101 permit tcp host 10.0.0.106 any eq 80

static(Inside,Outside) A.B.C.D access-list 101

Also you can create object-group for the Internal Server IP's and use it in the ACL.

Hope this helps

suschoud Tue, 11/04/2008 - 09:54

Here u go :

Security506E-6.x(config)# nat (inside) 1 1.1.1.1 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.2 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.3 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.4 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.5 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.6 255.255.255.255

Security506E-6.x(config)# global (outside) 1 inter

1.1.1.1---1.1.1.6 will use outside interface ip for natting.

Do rate if helpful.

Regards,

Sushil

Danny Guillory Jr Tue, 11/04/2008 - 09:58

ok right now my PIX does NOT do any natting at all. all my servers have a manuel IP address mapped to external ip... so i do no think this is complete... just looks like something is missing

Security506E-6.x(config)# nat (inside) 1 1.1.1.1 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.2 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.3 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.4 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.5 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.6 255.255.255.255

Security506E-6.x(config)# global (outside) 1 inter

1.1.1.1---1.1.1.6 will use outside interface ip for natting.

Actions

This Discussion