Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX NAT/PAT question ?

On a PIX firewall is it possible to NAT the source addresses of an outside network to a single inside address therefore representing each outside address with PAT?

For example if the outside network is defined as 192.168.1.0/24 and the inside address to represent the outside network is defined as 192.168.2.1/32. What would be the necessary config to allow the outside addresses to be represented as 192.168.2.1 using PAT.

I suppose im trying to configure PAT in reverse to how it would normally be used (i.e using a single global address to represent many inside addresses)!

Any advice appreciated

Thanks

7 REPLIES
New Member

Re: PIX NAT/PAT question ?

Hi

It can be possible just try that im not sure.

Global (inside) 1 192.168.2.1 netmask 255.255.255.0

Nat (outside) 1 192.168.1.0 255.255.255.0

Then you need to deifne access-list to permit this ip address sees inside.

Hope to Helpful.

Silver

Re: PIX NAT/PAT question ?

I think your trying to configure destination based. You need to do it this way reverse the static nat statements

static(outside,inside) 192.168.2.1 192.168.1.0 netmask 255.255.255.0

Do remember to configure the appropriate access-list.

HTH

Hoogen

Do rate if this helps :)

New Member

Re: PIX NAT/PAT question ?

Hi, thanks for the reply, i have just tried it that way but I get an overlaping address space error from the pix when i try to enter the command.

Silver

Re: PIX NAT/PAT question ?

Did you try mapping host to host?

Hoogen

New Member

Re: PIX NAT/PAT question ?

Yes I have tried it mapping host to host with a seperate static entry for each address translation and this works fine but the reason im trying to do it using PAT is to save on available inside IP address space.

Regards

New Member

Re: PIX NAT/PAT question ?

Hi again

Could you send your config ?

New Member

Re: PIX NAT/PAT question ?

Thanks for the replies. I eventually managed to get this working, I was missing the outside keyword off the end of the nat statement to enable outside nat. For info, the working config is:

nat(outside) 1 192.168.0 255.255.255.0 outside

global(inside) 1 192.168.2.1 netmask 255.255.255.255

122
Views
0
Helpful
7
Replies
CreatePlease login to create content