Cisco Support Community
Community Member

One-to-one-translation with *dynamic* NAT?

Can I map the host part in a dynamic NAT translation "one to one"?

I am separating two private class C networks with a PIX 525 firewall (v7.0).

I would like the last octet to be preserved during the translation without entering 254 static statements.

E.g.:

nat (inside) 1 10.0.1.0 255.255.255.0

global (outside) 1 172.16.1.1-172.16.1.254

Can I enter an additional command for a preservation of the last octet?

I want 10.0.1.1 to always be translated as 172.16.1.1, 10.0.1.2 shall always become 172.16.1.2 etc.

Of course I could use

static (inside,outside) 172.16.1.1 10.0.1.1 netmask 255.255.255.0

static (inside,outside) 172.16.1.2 10.0.1.2 netmask 255.255.255.0

etc.

but that is not very elegant.

6 REPLIES

Re: One-to-one-translation with *dynamic* NAT?

You are referring to "network" translation - I know that routers can do this, don't think the ASA can do it.

HTH>

Community Member

Re: One-to-one-translation with *dynamic* NAT?

I believe you can....

static (inside,outside) 172.16.1.0 10.0.1.0 netmask 255.255.255.0

I have used this configuration to nat an entire inside subnet to a different subnet in a DMZ.

Re: One-to-one-translation with *dynamic* NAT?

Yes in a "static" world - the question asked for "Dynamic"

Community Member

Re: One-to-one-translation with *dynamic* NAT?

Not sure I understand...

Based on the example everything looks static - otherwise both the global and static commands would reference "interface".

Community Member

Re: One-to-one-translation with *dynamic* NAT?

Thank you for your replies.

Sorry for my imprecise wording, I should have written "dynamic" instead of *dynamic*.

When I wrote *dynamic* I only wanted to differentiate between configuring 254 static statements to ensure the one-to-one-translation as opposed to a single statement or just a few statements.

What I would like to make sure is the one-to-one translation:

10.0.1.1 must always be translated to 172.16.1.1

10.0.1.2 must always be translated to 172.16.1.2

10.0.1.3 must always be translated to 172.16.1.3

10.0.1.4 must always be translated to 172.16.1.4 etc.

I don't care whether this is configured dynamically or statically, as long as it is not necessary to configure the 254 statements.

Re: One-to-one-translation with *dynamic* NAT?

Heath was correct - what you want to do is achieved by:-

static (inside,outside) 172.16.1.0 10.0.1.0 netmask 255.255.255.0

HTH>
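
Added example (not part of any post in this thread): a small Python model of the address arithmetic behind the single network static quoted above, showing that the host part is carried over unchanged, and usable for mapping a translated address seen in outside logs back to the inside host. The function names are hypothetical and the code models only the mapping, not the firewall's own implementation.

```python
import ipaddress
import re

# Shape of the network static quoted in the thread:
#   static (real_if,mapped_if) mapped_net real_net netmask mask
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)$")

def parse_static(line):
    """Return (real_network, mapped_network) for a network static line."""
    m = STATIC_RE.match(line.strip())
    if not m:
        raise ValueError("not a static NAT line: %r" % line)
    _real_if, _mapped_if, mapped, real, mask = m.groups()
    # This model requires network-aligned addresses: strict=True raises
    # ValueError when an address has host bits set for the given mask.
    real_net = ipaddress.ip_network(f"{real}/{mask}", strict=True)
    mapped_net = ipaddress.ip_network(f"{mapped}/{mask}", strict=True)
    return real_net, mapped_net

def _remap(ip_text, src_net, dst_net):
    """Keep the host bits of ip_text, swap the network bits to dst_net."""
    ip = ipaddress.ip_address(ip_text)
    if ip not in src_net:
        return None  # address is outside the range covered by the static
    host_bits = int(ip) & int(src_net.hostmask)
    return str(ipaddress.ip_address(int(dst_net.network_address) | host_bits))

def translate(line, real_ip):
    """Mapped (outside) address for an inside address, or None."""
    real_net, mapped_net = parse_static(line)
    return _remap(real_ip, real_net, mapped_net)

def untranslate(line, mapped_ip):
    """Inside address behind a mapped (outside) address, or None."""
    real_net, mapped_net = parse_static(line)
    return _remap(mapped_ip, mapped_net, real_net)

# The single statement from the thread, replacing 254 per-host statics.
RULE = "static (inside,outside) 172.16.1.0 10.0.1.0 netmask 255.255.255.0"

if __name__ == "__main__":
    for host in ("10.0.1.1", "10.0.1.2", "10.0.1.254", "10.0.2.7"):
        print(host, "->", translate(RULE, host))
    print("172.16.1.3 <-", untranslate(RULE, "172.16.1.3"))
```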
