Cisco Employee

Identity NAT on PIX -- help needed

I have read through the documents on Identity NAT but a few things are not clear to me. Consider the following network setup and the requirement.

PC1 ----[Inside]-PIX--[Dmz]---PC2

PC1 - 10.1.1.1

Inside - 10.1.1.2

DMZ - 10.2.2.1

PC2 -- 10.2.2.2

Requirement

PC2 has to retain the same IP address when it is communicating with inside network.

So I configured the following NAT:

static (dmz,inside) 10.2.2.2 10.2.2.2 netmask 255.255.255.255

However, when I configure the following statements, the traffic flows as expected:

static (inside,dmz) 10.2.2.2 10.2.2.2

static (inside,dmz) 10.1.1.1 10.1.1.1

static (dmz,inside) 10.1.1.1 10.1.1.1

Question

Can someone explain the identity NAT concept in the above scenario and the correct configuration statement?

Thanks in advance for your time

Padmanabhan

3 REPLIES
Gold

Re: Identity NAT on PIX -- help needed

Can you first answer a couple of questions about your setup, please?

1. What version of PIX OS?

2. If the version is 7.x or later, is nat-control enabled?

3. What is the security-level of the dmz interface?

Cisco Employee

Re: Identity NAT on PIX -- help needed

1- 7.2.2

2- Nat control is enabled

3- Inside 100, DMZ 50

Please let me know if you need any further information or not.

Gold

Re: Identity NAT on PIX -- help needed

You don't need:

static (dmz,inside) 10.1.1.1 10.1.1.1

static (inside,dmz) 10.2.2.2 10.2.2.2

Identity NAT is when you NAT something to itself.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1043458
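
Added example, not part of the thread or of Cisco's documentation: a small audit of the four static statements posted above, using the PIX 7.x form `static (real_ifc,mapped_ifc) mapped_ip real_ip` and checking that each real address actually sits behind the interface named as real. The /24 masks and the names `INTERFACES`, `audit_static` and `inconsistent` are assumptions made for this example; the thread gives only host and interface addresses.

```python
import ipaddress
import re

# Assumption: /24 masks. The thread lists only 10.1.1.x (inside) and 10.2.2.x (dmz).
INTERFACES = {
    "inside": ipaddress.ip_network("10.1.1.0/24"),
    "dmz": ipaddress.ip_network("10.2.2.0/24"),
}

# static (real_ifc,mapped_ifc) mapped_ip real_ip [netmask mask]
STATIC_RE = re.compile(
    r"^\s*static\s*\(\s*(\w+)\s*,\s*(\w+)\s*\)\s+(\S+)\s+(\S+)", re.IGNORECASE
)

# The four statements from the question, in the order they were posted.
THREAD_STATICS = [
    "static (dmz,inside) 10.2.2.2 10.2.2.2 netmask 255.255.255.255",
    "static (inside,dmz) 10.2.2.2 10.2.2.2",
    "static (inside,dmz) 10.1.1.1 10.1.1.1",
    "static (dmz,inside) 10.1.1.1 10.1.1.1",
]

def audit_static(line, interfaces=INTERFACES):
    """Parse one static statement and report what it claims."""
    m = STATIC_RE.match(line)
    if not m:
        raise ValueError(f"not a static statement: {line!r}")
    real_if, mapped_if = m.group(1).lower(), m.group(2).lower()
    if real_if not in interfaces:
        raise ValueError(f"unknown interface: {real_if}")
    mapped_ip = ipaddress.ip_address(m.group(3))
    real_ip = ipaddress.ip_address(m.group(4))
    return {
        "real_if": real_if,
        "mapped_if": mapped_if,
        # Identity NAT: the host is translated to its own address.
        "identity": mapped_ip == real_ip,
        # The real host must be reachable behind the real interface.
        "real_host_behind_real_if": real_ip in interfaces[real_if],
    }

def inconsistent(lines, interfaces=INTERFACES):
    """Return the statements whose real address is not behind the real interface."""
    return [l for l in lines
            if not audit_static(l, interfaces)["real_host_behind_real_if"]]

if __name__ == "__main__":
    for line in inconsistent(THREAD_STATICS):
        print("real address is not behind the real interface:", line)
```

The two statements it reports are the same two the reply says are not needed.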
