My internal IP address range is due to be changed from 172.x.x.x net to 10.x.x.x net in March, in which not enough time to migrate my systems and access. Is there a NAT/PAT solution in which requests to internal hosts can be translated to 10.x.x.x host? I want to leave my internal network with 172.x.x..x but also I want the outside world to contact my network as 10.x.x.x network, also outside network and hosts should be able at the same time contact my network as 172.x.x.x. along with 10.x.x..x net
How is your WAN setup ? Is there a router terminating the connection and then forwards the traffic to this firewall ? or is the connection directly onto the firewall ? if there is a router, then yes, you can forward the traffic onto NATted/PATed IP addresses (incase these are not overlapping anywhere on your network)..
make sure you document all traffic which enters and exits your netework... Incase of desktops which would just have outbound connection, you can PAT the 172.x.x.x network to 10.x.x.x IP address and route them across.. this is the case ONLY when these PCs have just outbound connections.. if you need to manage these PCs inbound directly on IP, then you would have issues with PAT.. you should then do a one-to-one NAT which can become a bit difficult, depending on the number of PCs on your network..
For Server and printers which would be accessed from outside (traffic both ways) , you can define static One-on-one NAT rules.. you can define a static with 172.x.x.x local and 10.x.x.x global, so that the server can go out to your WAN, and also traffic from outside can come in.. it all depends on your network layout...
One big advantage of NATting this way, is your existing routing information stays, and you just need to add small static routes for your 10.x.x.x network on the external router.. if you readdress whole LAN, you might have to change routing both internal and external..
You would like the outside hosts to talk to the inside hosts using their 172.x.x.x as well as 10.x.x.x?? This may be possible only when you know which outside hosts or network will try to address them as 172.x.x.x.
You can use nat exemtion if they need to be access using their real IPs and you can do static 1-1 (172.x.x.x to 10.x.x.x) if they try to access them via the translated address.
nat (inside) 0 access-l no-nat
access-list no nat permit ip 18.104.22.168 255.255.255.0 192.168.1.0 255.255.255.0
static (inside,outside) 10.0.0.0 22.214.171.124 net 255.0.0.0
nat 0 with acl takes precedence and is bi-directional just like the static.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...