Cisco Support Community

New Member

NAT - need help

I have a scenario where I need to present on the outside interface of a PIX running 6.3(4) 3 different translated subnets for a single subnet inside, based on source networks. Please see attached. How can I best achieve this?

Thanks for any guidance! A pic is attached.

2 REPLIES
Purple

Re: NAT - need help

Try this:

access-list SourceNetABC permit ip any

access-list SourceNetABC permit ip any

access-list SourceNetABC permit ip any

access-list SourceNetDEF permit ip any

access-list SourceNetDEF permit ip any

access-list SourceNetDEF permit ip any

access-list SourceNetGHI permit ip any

access-list SourceNetGHI permit ip any

access-list SourceNetGHI permit ip any

nat (inside) 1 access-list SourceNetABC

nat (inside) 2 access-list SourceNetDEF

nat (inside) 3 access-list SourceNetGHI

global (outside) 1 10.199.0.0 255.255.255.0

global (outside) 2 38.225.43.0 255.255.255.0

global (outside) 3 172.16.0.0 255.255.255.0

Hope that helps - pls rate the post if it does.

Paresh

New Member

Re: NAT - need help

Ok great. I see that's good for one to one translation.

Now, here is another challenge I have. For the 172.16.0.0/24 to 172.16.0.0/24 it's no problem but for the 10.199.0.0/24 and 38.225.43.0/24 the host addresses don't line up. In other words, say on the 38.225.43.0 side I may need to do 172.16.0.1 to 38.225.43.129. It's a long story. It's similar in the 10.199.0.0/24 outside range as well.

And, these are NOT limited to outside NATs for outbound (inside>outside) connections to the indicated sourcenets. I have these sourcenets connecting INBOUND to those translated addresses.

I'm looking to minimize the amount of ACLs, STATIC, etc entries that I have to enter but I may have no choice?

I'm assuming I have to do Policy NAT on all of em, and that's gonna make the config huge ;-). Unless I can get some help from you guys on another way to do it.

Thanks for the suggestions and time! Any other ideas based on above certainly appreciated!

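Added example, not part of the thread and not Cisco's code: when the host addresses do not line up and inbound connections are required, each inside host needs its own policy static, so one way to keep a large config consistent is to generate the entries from a mapping table and reject mistakes before they reach the firewall. It assumes the PIX 6.3 policy-static form `static (inside,outside) <mapped> access-list <acl>`; the `POL_*` ACL names, the source networks (documentation ranges) and the 10.199.0.77 mapping are constructed placeholders.

```python
import ipaddress
from itertools import combinations

INSIDE = ipaddress.ip_network("172.16.0.0/24")  # inside subnet from the thread

# Constructed sample data. Source networks are placeholders (RFC 5737 ranges);
# the real ones are only in the thread's attachment.
GROUPS = {
    "ABC": {"sources": ["192.0.2.0/24"], "translated": "10.199.0.0/24",
            "hosts": {"172.16.0.1": "10.199.0.77"}},
    "DEF": {"sources": ["198.51.100.0/24"], "translated": "38.225.43.0/24",
            "hosts": {"172.16.0.1": "38.225.43.129",
                      "172.16.0.2": "38.225.43.130"}},
}

def build_policy_statics(groups, inside=INSIDE):
    """Return PIX config lines; raise ValueError on an inconsistent mapping."""
    # Overlapping source networks in different groups would make the
    # per-source translation ambiguous, so refuse them up front.
    nets = [(name, ipaddress.ip_network(s))
            for name, g in groups.items() for s in g["sources"]]
    for (n1, a), (n2, b) in combinations(nets, 2):
        if n1 != n2 and a.overlaps(b):
            raise ValueError(f"source nets overlap: {n1} {a} / {n2} {b}")
    lines = []
    for name, g in groups.items():
        translated = ipaddress.ip_network(g["translated"])
        used = set()
        for i, (real, mapped) in enumerate(sorted(g["hosts"].items()), 1):
            if ipaddress.ip_address(real) not in inside:
                raise ValueError(f"{real} is not in {inside}")
            if ipaddress.ip_address(mapped) not in translated:
                raise ValueError(f"{mapped} is not in {translated}")
            if mapped in used:
                raise ValueError(f"{mapped} mapped twice in group {name}")
            used.add(mapped)
            acl = f"POL_{name}_{i}"  # hypothetical ACL naming scheme
            for s in g["sources"]:
                src = ipaddress.ip_network(s)
                lines.append(f"access-list {acl} permit ip host {real} "
                             f"{src.network_address} {src.netmask}")
            lines.append(f"static (inside,outside) {mapped} access-list {acl}")
    return lines

if __name__ == "__main__":
    print("\n".join(build_policy_statics(GROUPS)))
```

The generated lines still need review against the firewall's existing `nat`/`global` and inbound access-list entries before they are applied.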