Re: Bi-Directional NAT

w-pera · ‎08-13-2002

Hi,

In the PIX v6.2, exist the feature "Bi-Directional NAT". I try, following the Cisco page http://www.cisco.com/warp/customer/707/28.html, and doesn't work.

Somebody have a "working" conf.

Thanks,

// Waldemar Pera

pgolding · ‎08-14-2002

the link you quoted has all the required commands. make sure you have "static (outside,inside) ..." and an access list or conduit command to permit the required traffic.

w-pera · ‎08-15-2002

Hi Peter,

I will attempt explaint to you my situation:

Net 192.168.1.0/24 ------Out | PIX| In ------------ Net 192.168.100.0/24

In the Net(In), I have a PC 192.168.100.140. I whish that PC see only the Net(In), but also exist a PC 192.168.100.2 that go to Net(Out) like 192.168.1.2.

The users to 192.168.100.140 come from the owner net and from 192.168.1.0 (or wherever), but these need change to 192.168.100.0 for contact with 192.168.1.140.

This my "test" conf:

Bi-NAT# sh run

...

access-list TODO permit ip any any

access-list TODO permit icmp any any

! (TODO is ALL in Spanish)

.....

ip address outside 192.168.1.240 255.255.255.0

ip address inside 192.168.100.240 255.255.255.0

.....

global (outside) 5 192.168.1.241-192.168.1.242

global (inside) 1 192.168.100.241-192.168.100.242

nat (outside) 1 0.0.0.0 0.0.0.0 0 0

nat (inside) 5 192.168.100.0 255.255.255.0 0 0

static (inside,outside) 192.168.1.2 192.168.100.2 netmask 255.255.255.255 0 0

access-group TODO in interface outside

route outside 0.0.0.0 0.0.0.0 192.168.1.1 1

.....

(Of course: The PC 192.168.1.0/24 have a IP route to 192.168.100.0 through 192.168.1.240).

Thanks .....