NAT - Hide Outside Address

david.porter · ‎02-07-2004

Hello,

I want to allow access from inside to outside on a PIX 501 but I want to hide the outside address.

I want to telnet from inside to outside and have the PIX rewrite the address to the real outside address. Sort of the opposite to a normal PAT.

Anyone know if this is possible?

Thanks

mostiguy · ‎02-07-2004

normal PAT would translate the inside host ip source address to the outside interface's ip address for a telnet connection originating from the inside interface that is going out to the internet. This sounds like it is exactly what you seek to do. So what exactly are you trying to do?

david.porter · ‎02-07-2004

Thanks for the quick reply. What I am trying to do is connect to an an ouside IP that I would not normally be able to route to. This firewall is not an Internet firewall, it is just connecting two interior networks. From the inside however I cannot route (by design) to the outside subnet. To telnet to a host on the outside subnet I want the firewall to to redirect from it's inside interface (or pool) to the real IP address on the outside. Basically the reverse of a PAT on an Internet firewall.

Thanks again.

baileja · ‎02-08-2004

David,

To do this you must Nat the outside address to an inside address. Use something similar to the following line. The X.X.X.X is the inside IP you want the outside to appear to the inside as and Y.Y.Y.Y is the real outside IP. You must have at the minimum PIX code 6.2 for this to work.

static (outside,inside) X.X.X.X Y.Y.Y.Y netmask 255.255.255.255

Follow this link for details.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml#topic12

david.porter · ‎02-08-2004

Thank you. That's exactly what I was after.