PIX configuration with multiple NAT statements

Answered Question
Oct 16th, 2006
User Badges:

hi,

I have PIX running version 7.1(2). I use "nat 0" for all outbound traffic to bypass NAT. I have 5 different networks bypassing the PIX NAT. But I would like to apply NAT just for a new network without affecting other traffic. I want this new network to be translated to a specific routable IP.


is this a possible solution? I am trying to aplly NAT on only 10.1.1.0 255.255.255.0 network.


global (OUTSIDE) 1 192.168.1.2


nat (INSIDE) 1 10.1.1.0 255.255.255.0

nat (INSIDE) 0 0.0.0.0 0.0.0.0


Thanks


Ercan

Correct Answer by a.kiprawih about 10 years 10 months ago

It should work. I assumed the 192.168.1.2 is an IP belongs to the same range of outside interface/Public IP (assigned by ISP).


Your 'nat (inside) 1' and 'global (outside) 1' pair will correctly allow hosts on 10.1.1.0/24 to go out using the single IP, and skip the NAT 0.


HTH

AK

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
a.kiprawih Mon, 10/16/2006 - 08:05
User Badges:
  • Gold, 750 points or more

It should work. I assumed the 192.168.1.2 is an IP belongs to the same range of outside interface/Public IP (assigned by ISP).


Your 'nat (inside) 1' and 'global (outside) 1' pair will correctly allow hosts on 10.1.1.0/24 to go out using the single IP, and skip the NAT 0.


HTH

AK

dpopli Tue, 10/17/2006 - 01:05
User Badges:

Hi,


Please check for outside address 192.168.1.2

It is a private address and can not be provided by ISP


ercanelibol Tue, 10/17/2006 - 04:20
User Badges:

thanks for the reply, I know it is a private address, I am just giving an config example. let me rewrite it again for you then. Do you think it is going to work?


global (OUTSIDE) 1 122.18.1.2

nat (INSIDE) 1 10.1.1.0 255.255.255.0

nat (INSIDE) 0 0.0.0.0 0.0.0.0



thanks


Ercan

Actions

This Discussion