Cisco Support Community

New Member

Could PIX change source and destination address at the same time?

Could the PIX change the source and destination address to another source and destination IP address when an IP packet passes through the PIX firewall?

for example :

sour. 10.1.1.1 / dest. 10.2.2.2 --> PIX --> sour. 172.1.1.1 dest. 172.2.2.2

How could I do it, if it can?

thx...

  • Other Security Subjects
4 REPLIES
Cisco Employee

Re: Could PIX change source and destination address at the same

You can change the source 10.1.1.1 to 172.1.1.1 with nat (outside) on PIX 6.2.

http://www.cisco.com/warp/public/707/28.html#outnat

Changing the destination (destination NAT) uses the normal static command with an ACL.

HTH

R/Yusuf

New Member

Re: Could PIX change source and destination address at the same

Thank you very much!

But would you give me more tips about changing the dest. IP address with the normal static command with an ACL?

pyle wang

Cisco Employee

Re: Could PIX change source and destination address at the same

E.g.

dest. 10.2.2.2 NAT to 172.2.2.2 inside host

static (inside,outside) 10.2.2.2 172.2.2.2 netmask 255.255.255.255

access-list 101 permit ip any host 10.2.2.2

access-group 101 in interface outside

If 172.2.2.x is your inside subnet, i.e. ethernet1, then the above config is sufficient; if not, you also need to add a static route as follows:

route inside 172.2.2.0 255.255.255.0 172.2.2.x (next-hop of your inside device)

HTH

R/Yusuf

New Member

Re: Could PIX change source and destination address at the same

I have done this using nat and global for the src NAT, and I used the alias command to do the dst NAT. Works pretty well. The following command will do the trick.

alias (inside) 10.2.2.2 172.2.2.2 255.255.255.255
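
The two translations from the replies above, combined into one PIX configuration for the addresses in the original question. This is an added example, not configuration posted by anyone in the thread. It assumes 10.1.1.1 sits behind the outside interface, 172.2.2.2 behind the inside interface, and PIX 6.2 outside NAT as mentioned in the first reply; the NAT ID 1 and the narrowed ACL entry are sample choices.

```cisco
: Added example: sample values, not the posters' own configuration.
: Assumes 10.1.1.1 is reached via the outside interface and 172.2.2.2 via inside.

: Destination translation: outside hosts address 10.2.2.2, the PIX delivers to 172.2.2.2.
static (inside,outside) 10.2.2.2 172.2.2.2 netmask 255.255.255.255

: Source translation (outside NAT, PIX 6.2): 10.1.1.1 appears as 172.1.1.1 on the inside.
nat (outside) 1 10.1.1.1 255.255.255.255 outside
global (inside) 1 172.1.1.1

: Inbound ACL on the outside interface, written against the addresses seen on the
: outside wire. Narrower than "permit ip any host 10.2.2.2": only the one peer is allowed.
access-list 101 permit ip host 10.1.1.1 host 10.2.2.2
access-group 101 in interface outside
```

`show xlate` lists the translations the PIX currently holds, which is a quick check that both mappings are in effect.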
