02-04-2009 11:39 PM - edited 03-11-2019 07:46 AM
hi,
Could you please let me know how to do source address NAT'ing on FWSM?
Source IP: 1.1.1.1
Ingress interface: DMZ1
Ingress subnet: 1.1.1.0/24
Egress interface: DMZ2
Egress subnet: 2.2.2.0/24
The Source IP 1.1.1.1 initiated from DMZ1 should be natted to 3.3.3.1 upon exiting the Egress interface DMZ2.
Thanks.
02-05-2009 12:32 AM
Hi,
What are the security levels for the DMZ1 and DMZ2 interfaces?
02-05-2009 12:36 AM
DMZ1: 100
DMZ2: 70
Thanks.
02-05-2009 01:02 AM
Hi again,
static (DMZ1,DMZ2)3.3.3.1 1.1.1.1 255.255.255.255
Cheers mate,
Muath
02-05-2009 01:02 AM
And sorry for the 1,000 reply, by mistake mate :)
02-05-2009 02:27 AM
The syntax is incorrect. It should be
static (DMZ1,DMZ2)3.3.3.1 1.1.1.1 netmask 255.255.255.255
Secondly, the above isn't working. I debugged the packet and source address is not nat'ed.
I would be more interested in NAT'ing the network rather than the host, like with /24.
02-05-2009 11:03 AM
I got the following from a NAT guide on the internet. Please advise if it is correct. I have tried it on FWSM and it is not working.
Please assist
Quote
Static source translation
Source static translation is used when the source IP address of the host (local IP) is
changed to another IP (global IP) once the packet gets routed to the destination. This
translation hides the real identity of the initiator and also allows private IP addresses
to be translated to public IPs in order to get routed through public networks.
Syntax:
#static(source_intf, destination_intf)
Example:
//Host 10.0.0.100 is source translated when connects to another host situated behind dmz03 interface.
#static(inside,dmz03) 90.30.2.10 10.0.0.100 netmask 255.255.255.255
Unquote
02-05-2009 04:26 PM
I am coming across some materials stating that source address NAT'ing is not supported in FWSM. Is it true? Please confirm. Thanks.
02-06-2009 03:54 AM
Hi,
Is it possible that NAT is disabled on your FWSM?
If it's disabled, while in config mode, do the "nat-control" command in order to enable it.
Cheers