11-04-2008 09:37 AM - edited 03-11-2019 07:07 AM
i have a pix 506e in front of my network i have several servers in my network, but there are 6 servers that i am concerned about.
is it possable in the pix to put those 6 internal ips in a group and have that group use nating through 1 IP address?
11-04-2008 09:52 AM
Use policy NAT if you want the servers to go to the Internet with Public IP A.B.C.D,
then if your servers are 10.0.0.101 till 106
access-list 101 permit tcp host 10.0.0.101 any eq 80
............
............
access-list 101 permit tcp host 10.0.0.106 any eq 80
static(Inside,Outside) A.B.C.D access-list 101
Also you can create object-group for the Internal Server IP's and use it in the ACL.
Hope this helps
11-04-2008 09:54 AM
Here u go :
Security506E-6.x(config)# nat (inside) 1 1.1.1.1 255.255.255.255
Security506E-6.x(config)# nat (inside) 1 1.1.1.2 255.255.255.255
Security506E-6.x(config)# nat (inside) 1 1.1.1.3 255.255.255.255
Security506E-6.x(config)# nat (inside) 1 1.1.1.4 255.255.255.255
Security506E-6.x(config)# nat (inside) 1 1.1.1.5 255.255.255.255
Security506E-6.x(config)# nat (inside) 1 1.1.1.6 255.255.255.255
Security506E-6.x(config)# global (outside) 1 inter
1.1.1.1---1.1.1.6 will use outside interface ip for natting.
Do rate if helpful.
Regards,
Sushil
11-04-2008 09:58 AM
ok right now my PIX does NOT do any natting at all. all my servers have a manuel IP address mapped to external ip... so i do no think this is complete... just looks like something is missing
Security506E-6.x(config)# nat (inside) 1 1.1.1.1 255.255.255.255
Security506E-6.x(config)# nat (inside) 1 1.1.1.2 255.255.255.255
Security506E-6.x(config)# nat (inside) 1 1.1.1.3 255.255.255.255
Security506E-6.x(config)# nat (inside) 1 1.1.1.4 255.255.255.255
Security506E-6.x(config)# nat (inside) 1 1.1.1.5 255.255.255.255
Security506E-6.x(config)# nat (inside) 1 1.1.1.6 255.255.255.255
Security506E-6.x(config)# global (outside) 1 inter
1.1.1.1---1.1.1.6 will use outside interface ip for natting.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: