Cisco Support Community
New Member

Destination NAT

I have a setup as below:

10.0.0.0/24 ---inside (PIX) outside---172.16.1.0/24------(router)----remote network server 222.222.222.1:tcp80

Scenario 1) Can I perform destination NAT for remote server 222.222.222.1 to a 172.16.1.0/24 segment IP, e.g. 172.16.1.3:tcp80? Internal network users from the 10.0.0.0/8 network will be PATed to 172.16.1.4, and users browse to the remote server with IP 172.16.1.3:tcp80 instead of 222.222.222.1:tcp80.

Can this be achieved using PIX 5.2 or later?

Scenario 2) Can I perform destination NAT for remote server 222.222.222.1 to a 172.16.2.0/24 segment IP, e.g. 172.16.2.1:tcp80? Internal network users from the 10.0.0.0/8 network will be PATed to 172.16.2.2, and users browse to the remote server with IP 172.16.2.1:tcp80 instead of 222.222.222.1:tcp80. There is no interface defined for this 172.16.2.0 segment.

Can this be achieved using PIX 5.2 or later?

Thanks

2 REPLIES
Silver

Re: Destination NAT

I think it is not possible because the ip nat inside source static command can be used to hide the actual address of the inside server by using a static translation.

New Member

Re: Destination NAT

No.

What you -can- do is NAT 222.222.222.1 to a 10.0.0.0 address like 10.0.0.24.

Since you are already doing outgoing NAT on your 10.x.x.x network, the traffic arriving at 222.222.222.1 would appear to be coming from your 172.16.1.4 PATed address. We do this sort of thing to make an external agency's website (on one of our DMZs) appear to be on our internal LAN. Nice thing about this bi-directional NAT is that neither side's network needs to know about the other or how to route to it. The Pix does all the work.

We're doing this on v6.2 and 6.3
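
Added example, not part of the original thread and not the poster's own configuration: one way the bi-directional NAT described in the reply above could be written in PIX 6.2/6.3 syntax, using the addresses from the question. The NAT ID 1, the /24 inside mask taken from the diagram, and 10.0.0.24 being unused on the inside LAN are assumptions.

```cisco
: Added example (assumptions: NAT ID 1, inside LAN is 10.0.0.0/24 as drawn
: in the diagram, 10.0.0.24 is not assigned to any inside host, and a route
: toward 222.222.222.1 via the outside router already exists).

: Source side: inside users are PATed to 172.16.1.4 when leaving "outside".
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 172.16.1.4

: Destination side (outside NAT): the real server 222.222.222.1 on the
: outside is presented to inside hosts as 10.0.0.24. The PIX answers ARP
: for 10.0.0.24 on the inside interface, so inside hosts need no route.
static (outside,inside) 10.0.0.24 222.222.222.1 netmask 255.255.255.255

: Verification after a user browses to 10.0.0.24:tcp80 - both the PAT
: entry and the static entry should be listed in the translation table.
: show xlate
```

Inside users then browse to 10.0.0.24 on tcp/80, and the server sees the connection arriving from 172.16.1.4. Because the mapped address sits inside the LAN's own subnet, an address conflict with a real host would silently misdirect traffic, so reserve 10.0.0.24 in DHCP and address planning.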
