Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IP shift NATting on ASA/PIX ?

Hi, how can I configure one-on-one "IP shift" NATting on PIX/ASA ? For example 202.100.1.16/28 <-> 192.168.2.32/28. So

a.a.a.17 <-> b.b.b.33

...

a.a.a.19 <-> b.b.b.35

...

Can I code like this? I don't have the appliance to verify, anybody can confirm it?

static (inside,outside) 202.100.1.16 192.168.2.32 netmask 255.255.255.240

Thanks in advanced.

  • Firewalling
5 REPLIES

Re: IP shift NATting on ASA/PIX ?

I am not sure if I understood your requirement correctly. But, if you are just trying to confirm the accuracy of the syntax for static command then it's correct. Inside host 192.168.2.32 would appear as 202.100.1.16 on the outside. Let me know if you have a different requirement.

HTH

Sundar

New Member

Re: IP shift NATting on ASA/PIX ?

Hi, thanks for reply. What I want to confirm are:

1. For command "static (inside,outside) 202.100.1.16 192.168.2.32 netmask 255.255.255.240"

Is this a just one-on-one natting or block-on-block natting ? if it's block on block, which ip will be natted to which ip ?

2.For each IP from given public IP pool will be natted to the IP in exactly same position from private pool.

For example, 202.100.1.17 will be natted to 192.168.2.33 and 202.100.1.19 will be natted to 192.168.2.35 not any other addresses in the private pool.

I checked Cisco document, all examples are one-on-one natting, there is no block-to-block .I hope I explained clearly my requirement, thanks again.

Re: IP shift NATting on ASA/PIX ?

""1. For command "static (inside,outside) 202.100.1.16 192.168.2.32 netmask 255.255.255.240"

Is this a just one-on-one natting or block-on-block natting ? if it's block on block, which ip will be natted to which ip ?""

It's for the block of 16 addresses as indicated by your netmask in the static. The response to the second part of the question is the next question.

""2.For each IP from given public IP pool will be natted to the IP in exactly same position from private pool.

For example, 202.100.1.17 will be natted to 192.168.2.33 and 202.100.1.19 will be natted to 192.168.2.35 not any other addresses in the private pool.""

This part I wasn't sure. So, I just tested this in my lab PIX and the translation is not happening in any order and it's all over the place. Hence, you shouldn't count on the same set of inside and outside address to be used every time PIX does the translation.

HTH

Sundar

New Member

Re: IP shift NATting on ASA/PIX ?

Thanks Sundar.

Re: IP shift NATting on ASA/PIX ?

Glad it helped and thanks for the rating :)

267
Views
4
Helpful
5
Replies