Policy NAT from level low to level high on PIX 525 v.6.3

I am trying to do policy NAT from Level 20 to Level 40 for a certain server inside Level 20.

From Level 40, one side should see it, for example, as 10.10.10.10 and the other as 10.10.20.10.

access-list type permit ip x.x.x.x sm y.y.y.y xm - connected to static nat

Is this possible?

Has anyone done this?

And of course an example would be worth gold.

All of you who even think about my problem I thank you.

:-)

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Policy NAT from level low to level high on PIX 525 v.6.3

Don't forget that you need a 'normal' inside higher-to-lower source NAT defined as well for the L40 addresses using NAT, PAT or static. For example add 'nat (L40) 1 0 0' and 'global (L20) 1 interface'

And check the logfile.

3 REPLIES

Re: Policy NAT from level low to level high on PIX 525 v.6.3

Yes, it is possible.

Try this:

access-list PNAT1 permit ip host

access-list PNAT2 permit ip host

static (outside,inside) 10.10.10.10 access-list PNAT1

static (outside,inside) 10.10.20.10 access-list PNAT2

The interface names need to match your configuration obviously.

Regards,

/Mattias

Re: Policy NAT from level low to level high on PIX 525 v.6.3

I've tried this but it doesn't work.

I used the same type of conf; the packet enters the L40 interface but doesn't leave the L20 interface.

There is no nonat assigned to the interface, but it doesn't work, and it has matches in the L40 interface access-list.

I am just checking Alias, where it is possible to use Alias for destination NAT.

Thank you for the suggestion.
