Cisco Support Community

NAT question

I probably have a very basic question on NAT.

Assume a PIX/FWSM has about 10 interfaces DMZ1 to DMZ10.

DMZ X Network is 10.1.X.0

Now I would like to achieve this:

I would like to hide the 10.1.X.0 networks from each other. If a host on the DMZ1 interface communicates with any other DMZ, it must be seen as 192.168.1.1 rather than as 10.1.1.1.

The same rule applies to all DMZs.

Is this possible in the first place? If yes, what commands would I need on the PIX?

Thanks in advance

  • Firewalling
1 REPLY

Re: NAT question

Hello ramanaiah,

Yes, this is possible. You just need to use the static command and the required ACLs on the interfaces. ACLs will be required when communication is only from a lower security zone to a higher security zone.

For example:

Your inside IP - 10.1.1.1

DMZ 1 IP - 192.168.100.1

You can use a free IP on the DMZ 1 segment and use the following command:

static (inside,DMZ1) 192.168.100.100 10.1.1.1 netmask 255.255.255.255

Depending on the access, you can allow specific ports using an ACL:

access-list DMZ1 permit tcp any host 192.168.100.100 eq 23

access-group DMZ1 in interface DMZ1

You need to carefully build these commands and keep giving access between the DMZ networks.

Hope this helps. All the best. Rate replies if found useful.

RAj
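
A consistency check for the three commands used in this reply, as an added example (not part of the original post and not Cisco code). It parses only the static, access-list and access-group forms shown above and reports permits to an address that no static maps on that interface, ACLs that are never applied, and statics with no matching permit. The sample configuration, the extra addresses in it and the `audit` function name are constructed for illustration.

```python
import re

# Constructed sample config, limited to the three command forms from the reply.
SAMPLE = """\
static (inside,DMZ1) 192.168.100.100 10.1.1.1 netmask 255.255.255.255
static (inside,DMZ2) 192.168.200.100 10.1.1.1 netmask 255.255.255.255
access-list DMZ1 permit tcp any host 192.168.100.100 eq 23
access-list DMZ1 permit tcp any host 192.168.100.101 eq 23
access-list DMZ3 permit tcp any host 192.168.30.100 eq 23
access-group DMZ1 in interface DMZ1
"""

STATIC = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+) netmask (\S+)$")
ACE = re.compile(r"^access-list (\S+) permit \S+ any host (\S+)(?: eq \S+)?$")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)$")


def audit(config):
    """Return sorted findings where static, access-list and access-group disagree."""
    statics, aces, bound = set(), [], {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC.match(line):
            statics.add((m.group(2), m.group(3)))   # (mapped interface, mapped IP)
        elif m := ACE.match(line):
            aces.append((m.group(1), m.group(2)))   # (ACL name, destination host)
        elif m := GROUP.match(line):
            bound[m.group(1)] = m.group(2)          # ACL name -> interface it filters
    findings, permitted = set(), set()
    for acl, host in aces:
        ifc = bound.get(acl)
        if ifc is None:
            findings.add(f"ACL {acl} is not applied by any access-group")
        elif (ifc, host) not in statics:
            findings.add(f"ACL {acl} permits {host} on {ifc} but no static maps it there")
        else:
            permitted.add((ifc, host))
    # Translations that no applied ACL entry opens up on their mapped interface.
    for ifc, ip in statics - permitted:
        findings.add(f"static {ip} on {ifc} has no permit in an ACL applied to {ifc}")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against a saved configuration, an empty result means every permit points at a translated address on the interface where its ACL is applied.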
