
Nat in PIX

Rupesh Kashyap
Level 1

global (outside) 10 172.20.20.15 netmask 255.255.255.255

nat (inside) 10 10.32.0.0 255.252.0.0

This is the configuration of the PIX. My question is: if any traffic is coming from outside, to which IP will it be translated?

5 Replies

JamesLuther
Level 3

Hi,

Traffic from the outside to inside won't be translated.

The above configuration will translate traffic coming from the inside network 10.32.0.0 behind the outside IP 172.20.20.15.

Is there ever an instance where Outside traffic would get translated going into a firewall etc?

Yes, if you set up a static translation rather than a dynamic translation, i.e.

static (inside,outside) 172.20.20.1 192.168.100.1 netmask 255.255.255.255

If the internal host 192.168.1.100 connects to a server on the outside, the source address is translated to 172.20.20.1.

If an external PC tries to connect to 172.20.20.1, it will be translated by the PIX to 192.168.1.100.

Static translations allow traffic to be initiated from both directions.

Jon

Jon Marshall
Hall of Fame

Rupesh

James is correct in what he says. More specifically, any traffic that is initiated from the outside will not be translated with the above configuration.

Traffic that is part of a connection that was initiated from the inside will be translated back to the original 10.32.0.0 address.

So if you go to a web page on the internet from 10.32.1.1 then as the traffic goes through the pix the source IP address will be translated to 172.20.20.15. When the web server sends a packet back the destination address is 172.20.20.15. When it arrives at the pix the firewall then translates the destination IP address back to 10.32.1.1.

Jon
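The behaviour described in the replies above, as an added example that is not part of the original thread and is not Cisco code: a toy Python model of the translation (xlate) table for the nat/global pair from the question and the static from the earlier reply. The class name, the port allocator starting at 1024 and the sample ports are assumptions; the static uses the addresses as written in the command, and access-list checks are not modelled.

```python
import ipaddress


class PixNatModel:
    """Toy model of a PIX nat/global (PAT) rule plus static translations."""

    def __init__(self, inside_net, global_ip, statics=None):
        self.inside_net = ipaddress.ip_network(inside_net)
        self.global_ip = global_ip
        self.statics = dict(statics or {})  # real inside IP -> mapped outside IP
        self.xlates = {}                    # (global IP, mapped port) -> (real IP, real port)
        self.next_port = 1024               # assumption: simple sequential port allocator

    def outbound(self, src_ip, src_port):
        """Inside -> outside: return the translated (IP, port), or None if no rule matches."""
        if src_ip in self.statics:          # static: one-to-one, port unchanged
            return self.statics[src_ip], src_port
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            return None                     # source is not covered by the nat statement
        for mapped, real in self.xlates.items():
            if real == (src_ip, src_port):
                return mapped               # reuse the existing xlate for this flow
        mapped = (self.global_ip, self.next_port)
        self.next_port += 1
        self.xlates[mapped] = (src_ip, src_port)
        return mapped

    def inbound(self, dst_ip, dst_port):
        """Outside -> inside: return the real (IP, port), or None if nothing translates it."""
        for real_ip, mapped_ip in self.statics.items():
            if dst_ip == mapped_ip:
                return real_ip, dst_port    # static entries work in both directions
        # Dynamic entries exist only after an inside host has opened the connection.
        return self.xlates.get((dst_ip, dst_port))


if __name__ == "__main__":
    # nat (inside) 10 10.32.0.0 255.252.0.0 / global (outside) 10 172.20.20.15
    pix = PixNatModel("10.32.0.0/255.252.0.0", "172.20.20.15",
                      statics={"192.168.100.1": "172.20.20.1"})
    print("outside-initiated, no xlate:", pix.inbound("172.20.20.15", 80))
    mapped = pix.outbound("10.32.1.1", 40000)   # constructed sample flow
    print("inside-initiated, translated to:", mapped)
    print("return traffic translated back to:", pix.inbound(*mapped))
    print("outside-initiated to static:", pix.inbound("172.20.20.1", 443))
```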

So, taking the example of a router, it means that any traffic initiated from outside will not be NATted with the command below.

"ip nat inside source list 15 interface Serial0/1/0:0 overload"
