Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

PIX 6.2.2 crazy bi nat with globals and statics question

I am wondering if this will work in 6.2.2. Both must work concurrently and there are also statics involved allowing access to hosts on each side. Access-list assumed

2 interface pix

to allow outbound access

global (outside) 10 x.x.x.x - x.x.x.y /24

nat (inside) 10 z.z.z.z/24

allowing inbound acccess (from high sec to low)

global (inside) 20 a.a.a.a/32 (PAT)

nat (outside) 20 b.b.b.b/32 (a NAT'd address from a client)

thanks in advance

the king of NAT . . . not!!!

1 REPLY
Community Member

Re: PIX 6.2.2 crazy bi nat with globals and statics question

this will work, but two things to note.

1- the global inside 20 address must not be included in the nat inside 10 address range and the global outside 10 address must not be included in the nat outside 20 range.

2- an access list on the outside must be added to permit traffic that you want to nat with the global/nat 20 statements.

note that the global/nat 20 is for traffic from low to high security, not high to low as you noted, assuming the outside has lower level than the inside.

92
Views
0
Helpful
1
Replies
CreatePlease to create content