Destination based Natting in PIX 515

Unanswered Question
Jul 8th, 2009

I have situation where I need to do natting based on destination addresses in PIX 515. I know this is quite easy in routers but never did on PIX so I want to know is this possible? If it is then what is the command for this?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Wed, 07/08/2009 - 13:16

Could you give an example with IP addresses of what exactly you are trying to do ?

Jon

yagnesh_tel Wed, 07/08/2009 - 16:55

suppose packet from hosts(1.1.1.X) comes into PIX's inside interface for destination 192.168.10.2, this destination address should be rewrite to 10.10.10.1 while packet traverse outside interface of the PIX.

Patrick0711 Wed, 07/08/2009 - 17:12

Use policy NAT

access-list policy_NAT ext permit ip 1.1.1.0 255.255.255.0 host 192.168.10.2

static (inside,outside) 10.10.10.0 access-list policy_NAT

Keep in mind that you cannot policy NAT multiple inside hosts to a single IP. You'll need to specify a classful network in the static statment.

yagnesh_tel Thu, 07/09/2009 - 06:14

If I specify classful network in static statement then what will be destination IP after translation? You mean to say for packets having source as 1.1.1.x and destination as 192.168.10.2, destination will be rewrite to 10.10.10.x after translation where x will be the same integer in both source and destinatin?

Actions

This Discussion