Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

nat'ing

i have a pix 506e in front of my network i have several servers in my network, but there are 6 servers that i am concerned about.

is it possable in the pix to put those 6 internal ips in a group and have that group use nating through 1 IP address?

3 REPLIES

Re: nat'ing

Use policy NAT if you want the servers to go to the Internet with Public IP A.B.C.D,

then if your servers are 10.0.0.101 till 106

access-list 101 permit tcp host 10.0.0.101 any eq 80

............

............

access-list 101 permit tcp host 10.0.0.106 any eq 80

static(Inside,Outside) A.B.C.D access-list 101

Also you can create object-group for the Internal Server IP's and use it in the ACL.

Hope this helps

Cisco Employee

Re: nat'ing

Here u go :

Security506E-6.x(config)# nat (inside) 1 1.1.1.1 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.2 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.3 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.4 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.5 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.6 255.255.255.255

Security506E-6.x(config)# global (outside) 1 inter

1.1.1.1---1.1.1.6 will use outside interface ip for natting.

Do rate if helpful.

Regards,

Sushil

New Member

Re: nat'ing

ok right now my PIX does NOT do any natting at all. all my servers have a manuel IP address mapped to external ip... so i do no think this is complete... just looks like something is missing

Security506E-6.x(config)# nat (inside) 1 1.1.1.1 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.2 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.3 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.4 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.5 255.255.255.255

Security506E-6.x(config)# nat (inside) 1 1.1.1.6 255.255.255.255

Security506E-6.x(config)# global (outside) 1 inter

1.1.1.1---1.1.1.6 will use outside interface ip for natting.

104
Views
0
Helpful
3
Replies