Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Bi-Directional NAT

Hi,

In the PIX v6.2, exist the feature "Bi-Directional NAT". I try, following the Cisco page http://www.cisco.com/warp/customer/707/28.html, and doesn't work.

Somebody have a "working" conf.

Thanks,

// Waldemar Pera

  • Other Security Subjects
2 REPLIES
New Member

Re: Bi-Directional NAT

the link you quoted has all the required commands. make sure you have "static (outside,inside) ..." and an access list or conduit command to permit the required traffic.

New Member

Re: Bi-Directional NAT

Hi Peter,

I will attempt explaint to you my situation:

Net 192.168.1.0/24 ------Out | PIX| In ------------ Net 192.168.100.0/24

In the Net(In), I have a PC 192.168.100.140. I whish that PC see only the Net(In), but also exist a PC 192.168.100.2 that go to Net(Out) like 192.168.1.2.

The users to 192.168.100.140 come from the owner net and from 192.168.1.0 (or wherever), but these need change to 192.168.100.0 for contact with 192.168.1.140.

This my "test" conf:

Bi-NAT# sh run

...

access-list TODO permit ip any any

access-list TODO permit icmp any any

! (TODO is ALL in Spanish)

.....

ip address outside 192.168.1.240 255.255.255.0

ip address inside 192.168.100.240 255.255.255.0

.....

global (outside) 5 192.168.1.241-192.168.1.242

global (inside) 1 192.168.100.241-192.168.100.242

nat (outside) 1 0.0.0.0 0.0.0.0 0 0

nat (inside) 5 192.168.100.0 255.255.255.0 0 0

static (inside,outside) 192.168.1.2 192.168.100.2 netmask 255.255.255.255 0 0

access-group TODO in interface outside

route outside 0.0.0.0 0.0.0.0 192.168.1.1 1

.....

(Of course: The PC 192.168.1.0/24 have a IP route to 192.168.100.0 through 192.168.1.240).

Thanks .....

252
Views
0
Helpful
2
Replies
This widget could not be displayed.