
How to do source address NAT

cisco_lite
Level 1

hi,

Could you please let me know how to do source address NAT'ing on FWSM.

Source IP: 1.1.1.1

Ingress interface: DMZ1

Ingress subnet: 1.1.1.0/24

Egress interface: DMZ2

Egress subnet: 2.2.2.0/24

The Source IP 1.1.1.1 initiated from DMZ1 should be natted to 3.3.3.1 upon exiting the Egress interface DMZ2.

Thanks.

23 Replies

Hi,

What are security levels for the DMZ1 and DMZ2 interfaces?

DMZ1: 100

DMZ2: 70

Thanks.

Hi again,

static (DMZ1,DMZ2)3.3.3.1 1.1.1.1 255.255.255.255

Cheers mate,

Muath


And sorry for the 1,000 replies, by mistake mate :)

The syntax is incorrect. It should be

static (DMZ1,DMZ2)3.3.3.1 1.1.1.1 netmask 255.255.255.255

Secondly, the above isn't working. I debugged the packet and source address is not nat'ed.

I would be more interested in NAT'ing the network rather than the host, like with /24.

I got the following from a NAT guide on the internet. Please advise if it is correct. I have tried it on FWSM and it is not working.

Please assist

Quote

Static source translation

Source static translation is used when the source IP address of the host (local IP) is changed to another IP (global IP) once the packet gets routed to the destination. This translation hides the real identity of the initiator and also allows private IP addresses to be translated to public IPs in order to get routed through public networks.

Syntax:

#static(source_intf, destination_intf) netmask

Example:

//Host 10.0.0.100 is source translated when connects to another host situated behind dmz03 interface.

#static(inside,dmz03) 90.30.2.10 10.0.0.100 netmask 255.255.255.255

Unquote

I am coming across some materials stating that source address NAT'ing is not supported in FWSM. Is it true? Please confirm. Thanks.

Hi,

Is it possible that NAT is disabled on your FWSM?

If it's disabled, while in config mode, do the "nat-control" command in order to enable it.

Cheers
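
Added illustration (not written by any poster in this thread, and not Cisco code): a Python model of the `static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask` form discussed above, showing why the line without the `netmask` keyword fails to parse and how a /24 static keeps the host part of the address. The function names are hypothetical, the /24 line in the usage note is constructed from the addresses in the original question, and the model covers only this one command form, not the full FWSM grammar or what a particular FWSM does with it.

```python
import ipaddress
import re

# Simplified model of the single command form discussed in this thread:
#   static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(
    r"^static\s*\((?P<real_ifc>[^,\s]+)\s*,\s*(?P<mapped_ifc>[^)\s]+)\)\s*"
    r"(?P<mapped>\S+)\s+(?P<real>\S+)\s+netmask\s+(?P<mask>\S+)\s*$"
)


def parse_static(line):
    """Parse one static line; raise ValueError if it does not fit the form."""
    m = STATIC_RE.match(line.strip())
    if not m:
        raise ValueError("expected: static (a,b) mapped real netmask mask")
    # strict=True: this model insists that address and mask agree
    # (no host bits set beyond the mask), otherwise ValueError.
    real = ipaddress.ip_network(f"{m['real']}/{m['mask']}", strict=True)
    mapped = ipaddress.ip_network(f"{m['mapped']}/{m['mask']}", strict=True)
    return {
        "real_ifc": m["real_ifc"],
        "mapped_ifc": m["mapped_ifc"],
        "real": real,
        "mapped": mapped,
    }


def translate_source(rule, ingress, egress, src):
    """Return the source address as it would appear on the egress side."""
    addr = ipaddress.ip_address(src)
    pair_matches = (ingress, egress) == (rule["real_ifc"], rule["mapped_ifc"])
    if not pair_matches or addr not in rule["real"]:
        return str(addr)  # rule does not apply: source left unchanged
    # Keep the host offset, swap the network part.
    offset = int(addr) - int(rule["real"].network_address)
    return str(rule["mapped"].network_address + offset)


if __name__ == "__main__":
    host = parse_static("static (DMZ1,DMZ2)3.3.3.1 1.1.1.1 netmask 255.255.255.255")
    print(translate_source(host, "DMZ1", "DMZ2", "1.1.1.1"))
```

With the constructed network line `static (DMZ1,DMZ2) 3.3.3.0 1.1.1.0 netmask 255.255.255.0`, the same function maps 1.1.1.57 to 3.3.3.57 and leaves traffic toward any other interface pair untouched.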
