One-to-one-translation with *dynamic* NAT?

Unanswered Question
Mar 5th, 2009

Can I map the host part in a dynamic NAT translation "one to one"?

I am separating two private class C networks with a PIX 525 firewall (v7.0).

I would like the last octet to be preserved during the translation without entering 254 static statements.


nat (inside) 1

global (outside) 1

Can I enter an additional command for a preservation of the last octet?

I want to always be translated as, shall always become etc.

Of course I could use

static (inside,outside) netmask

static (inside,outside) netmask


but that is not very elegant.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
HEATH FREEL Thu, 03/05/2009 - 07:06

I beleive you can....

static (inside,outside) netmask

I have used this configuration to nat an enitre inside subnet to a different subnet in a DMZ.

HEATH FREEL Thu, 03/05/2009 - 07:15

Not sure I understand...

Based on the example everything looks static - otherwise both the global and static commands would reference "interface".

robertschmitzberlin Fri, 03/06/2009 - 02:10

Thank you for your replies.

Sorry for my unprecise wording, I should have written "dynamic" instead of *dynamic*.

When I wrote *dynamic* I only wanted to differentiate between configuring 254 static statements to ensure the one-to-one-translation as opposed to a single statement or just a few statements.

What I would like to make sure is the one-to-one translation: must always be translated to must always be translated to must always be translated to must always be translated to etc.

I don't care whether this is configured dynamically or statically, as long as it is not necessary to configure the 254 statements.


This Discussion