Is it possible to have the PIX use PAT for outbound traffic, like FTP and HTTP to any IP address, but then have it use NAT only to a few specific destinations?
Here is the problem I have which may help explain the question:
I have client PCs that need to access a remote site at another company via Nortel VPN. This requires a 1-1 mapping with NAT, and no PAT. I have gotten this to work in a test env with the global commands and with static commands. The problem I have is that there are more client computers that need access to the VPN than I have public IPs, but not all the clients use the VPN software at the same time.
So effectively what I want is:
an access-list that uses PAT for all regular traffic
an access-list that says:
if traffic is going to destination x.x.x.x, then use the global pool of x.x.x.1-x.x.x.20.
I know this is possible with Netscreen firewalls; I just hope it is with the PIX as well.
pix(config)# access-l NET1 perm ip 10.1.1.0 255.255.255.0 host 12.40.x.x
pix(config)# access-l NET2 perm ip 10.1.1.0 255.255.255.0 any
pix(config)# nat (inside) 2 access-l NET1
ERROR: invalid nat ID, <2>, with access-list
Usage: [no] nat [()] [
[ [emb_limit> ]]]
[no] nat [(if_name)] 0 [access-list [outside]]
I always get an error stating that the NAT ID is incorrect, no matter what I change it to. Any thoughts on this? I've done some searching, and it seems that only a "nat (inside) 0" command will work with an access-list. But it seems that this will limit my possibilities.