Destination based Natting in PIX 515

Unanswered Question
Jul 8th, 2009
User Badges:
  • Silver, 250 points or more

I have situation where I need to do natting based on destination addresses in PIX 515. I know this is quite easy in routers but never did on PIX so I want to know is this possible? If it is then what is the command for this?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Wed, 07/08/2009 - 13:16
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Could you give an example with IP addresses of what exactly you are trying to do ?


yagnesh_tel Wed, 07/08/2009 - 16:55
User Badges:
  • Silver, 250 points or more

suppose packet from hosts(1.1.1.X) comes into PIX's inside interface for destination, this destination address should be rewrite to while packet traverse outside interface of the PIX.

Patrick0711 Wed, 07/08/2009 - 17:12
User Badges:
  • Bronze, 100 points or more

Use policy NAT

access-list policy_NAT ext permit ip host

static (inside,outside) access-list policy_NAT

Keep in mind that you cannot policy NAT multiple inside hosts to a single IP. You'll need to specify a classful network in the static statment.

yagnesh_tel Thu, 07/09/2009 - 06:14
User Badges:
  • Silver, 250 points or more

If I specify classful network in static statement then what will be destination IP after translation? You mean to say for packets having source as 1.1.1.x and destination as, destination will be rewrite to 10.10.10.x after translation where x will be the same integer in both source and destinatin?


This Discussion