so what i understood is that as long as port forwarding is there, i can do it.

but what if there is no port forwarding then what is the possibility e.g

partner is connecting to 1.1.1.1 420

accessing to 192.168.1.1

for above i have this entry present in pix

static (inside,outside) tcp 1.1.1.1 420 192.168.1.1 420 netmask 255.255.255.255

need to nat 1.1.1.1 on same port 420

i hope it's clear

Hi,

No, that wont be possible.

You can have one association with one combination of the natip,port to a inside host inside.

-VJ

but what about Outside NAT. won't it be possible using it

Hi,

Let me know exactly what you are trying to achieve.

Whatever is the scenario, as stated earlier, you can only have one combination of a natip, port.

-VJ

as i explained in my first post

i want to nat 1.1.1.1 IP address to 192.168.1.any .

i am attaching the diagram for more explanation.

Hi,

As stated earlier, when you have used the outside ip to static nat and forward a particular port,

you can further use the same outside to redirect other ports to your inside hosts/server.

However i dont think you can use that outside ip to do a one to one NAT to another inside host.

When you have,

static (inside,outside) tcp 1.1.1.1 420 192.168.1.1 420 netmask 255.255.255.255

You can have,

static (inside,outside) tcp 1.1.1.1 80 192.168.1.2 80 netmask 255.255.255.255

But not,

static (inside,outside) 1.1.1.1 192.168.1.10 netmask 255.255.255.255

-VJ

Thank VJ,

I got your point, but still i think my question is not clear enough. anyways here is another try to it, as you can see in the diagram i ve attached

When the server tries to establish session to 192.168.1.1 using faked IP e.g. 10.10.10.10, coming through the vpn tunnel on PIX.

Then pix should further translates his IP i.e 10.10.10.10 to e.g. IP 45.54.45.54 and then it should connect to Host IP 192.168.1.1

And when 192.168.1.1 reply back to 1.1.1.1 the PIX should change translate back 45.54.45.54 to 10.10.10.10 which 1.1.1.1 actually tried connecting to.

Hope it's clear enough.

Hi,

Sorry...Im totally lost here on understanding your requirement.

To make this easy for me, Kindly explain me again with your diagram/ip addresses mentioned on the diagram along with your existing configuration in PIX.

-VJ

VJ,

All i want to do is that PIX should allow Host-A to connect, then PIX should change the Host-A Source from 1.1.1.1 to 10.10.10.10 and should tell Host-A to connect to Host-B (192.168.1.1)

the same should happen when Host-B reply, Then PIX should change back 10.10.10.10 to 1.1.1.1.

In short, Traffic coming to the PIX through this tunnel from Host-A, PIX should change the source to 10.10.10.10 and should tell Host-A how to connect to Host-B as 10.10.10.10

Hope anyone can solve this.