Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Pix 525 6.3(3) and NAT

Good morning I must NAT a host allocate on a pubblic network that have yet a NAT 0 on all network addresses, I specify plus, about Pix configuration

!

interface ethernet4 vlan13 physical

!

nameif ethernet4 dmz-zcom1 security50

!

nat (dmz-zcom1) 0 pubblic_ip_network_address 255.255.255.0 0 0

!

static (dmz-zcom1,outside) pubblic_ip_network_address same_pubblic_ip_network_address netmask 255.255.255.0 0 0

The hosts belong to network pubblic_ip_network_address go to internet with its pubblic IP address without use global command

Now i cuold NAT a host of ip_host_pubblic_ip_network_address with a global pubblic ip address.

How can I make goal?

I think with this configuration:

!

nat (dmz-zcom1) 4 access-list my_access-list

!

global (outside) 4 global_pubblic_ip_address 255.255.255.0

!

static (dmz-zcom1,outside) global_pubblic_ip_address 255.255.255.0 pubblic_ip_network_address 255.255.255.0

!

access-list my_access-list permit ip host pubblic_ip_network_address host host_belong_to_another_public_ip_network

Any information that you can send me are welcomed

Best Regards

Davide

3 REPLIES

Re: Pix 525 6.3(3) and NAT

Hello Davide,

I am not really clear on what you are asking: do you want to NAT a host with a public IP address to another public IP address ? Can you clarify ?

Regards,

GNT

New Member

Re: Pix 525 6.3(3) and NAT

Hi GNT, correct I want NAT a host with a public IP address to another pubblic IP address, but in particular this host that I want NAT, belong to a pubblic network address and on this pubblic network address i have a NAT 0, as you can see below:

nat (dmz-zcom1) 0 pubblic_ip_network_address 255.255.255.0 0 0

!

static (dmz-zcom1,outside) pubblic_ip_network_address same_pubblic_ip_network_address netmask 255.255.255.0 0 0

!

The host that belong to network pubblic_ip_network_address go to internet, with its pubblic IP address, without use global command.

I think that I must work on subnet mask of the command NAT 0, to esculde the host that I want NAT with a particular global IP address.

I hope I have clarify well, thanks very much fr your reply!

Any information that you can send me are welcomed.

Best Regards

Davide

Re: Pix 525 6.3(3) and NAT

Hello Davide,

you are right, first we need to make sure that the public IP address in question is not part of the access list 'pubblic_ip_network_address'. We then have to define a NAT and GLOBAL statement for the original and the NATted addresses, respectively. What is the pool of public IP addresses, and which one do you want to have excluded ? This will probably involve summarization.

Regards,

GNT

108
Views
0
Helpful
3
Replies