NAT DESTINATION PIX V7.0

herve.sauton · ‎10-08-2005

Hello, I have a pix 515 in V7.0 version. I must make Nat Destination for PCs in inside. I must nat destination of a public addresse (public1) to an other public addresse (public2). This translation functions correctly,with "static (outside,inside) public1 public2 netmask 255.255.255.255" but when i want to go to the address public2 directly whithout Nat Destination, with Pat Source, i can't, I have an error message : No translation group found for protocol.

Thank you for your assistance

jackko · ‎10-08-2005

"static (outside,inside) public1 public2 netmask 255.255.255.255", so public2 is the real ip of the pc.

i guess it's normal as the pix will not recognise any traffic with destination public2 from the outside interface.

e.g.

static (outside,inside) 10.0.0.1 192.168.0.1 netmask 255.255.255.255 0 0

pix outside interface will be able to identify traffic with destination 10.0.0.1 not 192.168.0.1, as 192.168.0.x/24 is secured by pix. in other words, pix will not and should not expose the private network regardless whether the network is public or private.

there maybe workaround with the issue. would you please provide more details in terms of the ultimate objective?

herve.sauton · ‎10-09-2005

The problem met it is that I have PCs which have a bad address IP (public1) of smpt server in their smpt client. To prevent modifying the configuration of the PCs a translation is installation so that when these PC send a request smtp, this one is sent towards the good smpt server (public2). On the other hand there are PCs which are configured correctly, and those must be able to question the good smpt server (public2).

This configuration functions already with a firewall Winroot which I must replace by Pix.

The PCs are in inside, the smtp servers public1 and public2 are in outide.