Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT with different Subnets

We have a hub and spoke architecture:

HQ - PIX515, Cisco 3662 Router

Location1 - Cisco 1600 Router

Location2 - Cisco 1600 Router

Location3 - Cisco 1600 Router

Location4 - Cisco 1600 Router

Each location is connect to HQ via a Point-to-Point Full T1.

Each location is on a diffent subnet (e.g. 10.100.X.X - HQ, 10.1.X.X - Loc1, 10.2.X.X - Loc2, etc.)

We have a Security Camera Workstation at each location, that we would like to be able to access from the outside via http.

I have setup a public IP for the HQ site, and can access HQ's security cameras from the outside.

I would like to be able to access the other workstations from the outside via public IP's, as well. How can I accomplish that? How would I NAT across different subnets?

4 REPLIES
Hall of Fame Super Blue

Re: NAT with different Subnets

Hi

1) Does the Internet only come into the HQ site

2) Where is the pix in relation to the 3662 router ie. where does the Internet connect and where do the 1600's connect

3) Where are you doing the HQ NAT

4) What is the version of Pix code.

Apologies for all the questions but we need to know more before we can answer the question.

Jon

New Member

Re: NAT with different Subnets

Jon,

In answer to your questions:

1) Yes

2) Internet->PIX->3662->1600's

3) On the PIX

4) 6.3(5)

Would this suffice on the PIX:

static (inside,outside) 12.34.56.7 10.100.2.2 netmask 255.255.255.255

static (inside,outside) 12.34.56.8 10.1.1.12 netmask 255.255.255.255

static (inside,outside) 12.34.56.9 10.2.2.11 netmask 255.255.255.255

static (inside,outside) 12.34.56.10 10.3.3.33 netmask 255.255.255.255

Hall of Fame Super Blue

Re: NAT with different Subnets

Hi

Yes, this should work fine. The key thing i was worried about was that you might be trying to send traffic back out the same interface it came in on with the pix and with pix v6.3 you can't do this.

But your setup should work fine. As long as the spoke sites use default routing to get back to the HQ 3662.

Jon

New Member

Re: NAT with different Subnets

Hello,

I have natted through for remote subnets before on a router but not with a PIX involved.

I am guessing it would be the same though. Choose a different port number for each site and it should work the same as the setup you have for the HQ now.

HTH.

Andy.

271
Views
0
Helpful
4
Replies