Destination based Natting in PIX 515

yagnesh_tel · ‎07-08-2009

I have situation where I need to do natting based on destination addresses in PIX 515. I know this is quite easy in routers but never did on PIX so I want to know is this possible? If it is then what is the command for this?

Jon Marshall · ‎07-08-2009

Could you give an example with IP addresses of what exactly you are trying to do ?

Jon

yagnesh_tel · ‎07-08-2009

suppose packet from hosts(1.1.1.X) comes into PIX's inside interface for destination 192.168.10.2, this destination address should be rewrite to 10.10.10.1 while packet traverse outside interface of the PIX.

Patrick0711 · ‎07-08-2009

Use policy NAT

access-list policy_NAT ext permit ip 1.1.1.0 255.255.255.0 host 192.168.10.2

static (inside,outside) 10.10.10.0 access-list policy_NAT

Keep in mind that you cannot policy NAT multiple inside hosts to a single IP. You'll need to specify a classful network in the static statment.

yagnesh_tel · ‎07-09-2009

If I specify classful network in static statement then what will be destination IP after translation? You mean to say for packets having source as 1.1.1.x and destination as 192.168.10.2, destination will be rewrite to 10.10.10.x after translation where x will be the same integer in both source and destinatin?