02-19-2009 01:44 AM - edited 03-04-2019 03:38 AM
global (outside) 10 172.20.20.15 netmask 255.255.255.255
nat (inside) 10 10.32.0.0 255.252.0.0
This is the configuration of the PIX. My question is: if any traffic is coming from outside, to which IP will it be translated?
02-19-2009 02:08 AM
Hi,
Traffic from the outside to inside won't be translated.
The above configuration will translate traffic coming from the inside network 10.32.0.0 behind the outside IP 172.20.20.15.
02-19-2009 05:26 AM
Is there ever an instance where Outside traffic would get translated going into a firewall etc?
02-19-2009 05:50 AM
Yes, if you set up a static translation rather than a dynamic translation, i.e.
static (inside,outside) 172.20.20.1 192.168.100.1 netmask 255.255.255.255
If the internal host 192.168.1.100 connects to a server on the outside, the source address is translated to 172.20.20.1.
If an external PC tries to connect to 172.20.20.1, it will be translated by the PIX to 192.168.1.100.
Static translations allow traffic to be initiated from both directions.
Jon
02-19-2009 02:19 AM
Rupesh
James is correct in what he says. More specifically, any traffic that is initiated from the outside will not be translated with the above configuration.
Traffic that is part of a connection that was initiated from the inside will be translated back to the original 10.32.0.0 address.
So if you go to a web page on the internet from 10.32.1.1, then as the traffic goes through the PIX the source IP address will be translated to 172.20.20.15. When the web server sends a packet back, the destination address is 172.20.20.15. When it arrives at the PIX, the firewall then translates the destination IP address back to 10.32.1.1.
Jon
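Added example (not part of any post in this thread, and not PIX code): a simplified Python model of the translation behaviour described in the replies above, using the addresses from the posted global/nat and static commands. The class and method names and the starting PAT port are assumptions; access lists and per-connection state are not modelled.

```python
import ipaddress

class PixNatModel:
    """Simplified model of dynamic PAT plus static NAT (hypothetical names)."""

    def __init__(self, pat_global, inside_net, statics=None):
        self.pat_global = pat_global
        self.inside_net = ipaddress.ip_network(inside_net)
        self.statics = dict(statics or {})   # global IP -> real inside IP
        self.xlates = {}                     # (global IP, port) -> (real IP, port)
        self.next_port = 1024                # constructed starting port for PAT

    def outbound(self, src_ip, src_port):
        """Inside -> outside: return the translated (source IP, source port)."""
        for global_ip, real_ip in self.statics.items():
            if src_ip == real_ip:
                return (global_ip, src_port)     # static: one-to-one, port kept
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            return None                          # no nat rule matches this source
        for key, real in self.xlates.items():
            if real == (src_ip, src_port):
                return key                       # reuse the existing PAT slot
        key = (self.pat_global, self.next_port)
        self.next_port += 1
        self.xlates[key] = (src_ip, src_port)    # xlate created by inside traffic
        return key

    def inbound(self, dst_ip, dst_port):
        """Outside -> inside: return the real (IP, port), or None if untranslated."""
        if dst_ip in self.statics:
            return (self.statics[dst_ip], dst_port)  # static works in both directions
        return self.xlates.get((dst_ip, dst_port))   # PAT: only return traffic matches

def demo():
    # Addresses taken from the commands posted in the thread.
    fw = PixNatModel("172.20.20.15", "10.32.0.0/255.252.0.0",
                     statics={"172.20.20.1": "192.168.100.1"})
    out = fw.outbound("10.32.1.1", 40000)
    return {
        "outbound": out,                                 # inside host goes out
        "reply": fw.inbound(*out),                       # return traffic
        "unsolicited": fw.inbound("172.20.20.15", 80),   # initiated from outside
        "static_in": fw.inbound("172.20.20.1", 80),      # outside -> static host
        "static_out": fw.outbound("192.168.100.1", 5000),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```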
02-19-2009 07:38 PM
So it means that, taking a router as an example, any traffic initiated from outside will not be NATted with the command below.
"ip nat inside source list 15 interface Serial0/1/0:0 overload"