09-18-2007 08:49 PM
I have a network as attached.
I am translating 192.168.1.0/24 to one single public address on the NAT router. This works fine. But I am now adding a PIX firewall behind the router, and my servers are now on the 192.168.2.0/24 subnet.
How do I make NAT work in this case? I am having trouble doing just a static NAT on the server since it is not directly connected to the router, and I am using the router to perform NAT.
09-18-2007 08:51 PM
09-19-2007 12:32 AM
Hi
If you still want to do the NAT on the router, you need to do a NAT exemption for the server traffic on the PIX.
Easiest thing to do would be
static (inside,outside) 192.168.2.0 192.168.2.0 netmask 255.255.255.0
or
nat (inside) 0 192.168.2.0 255.255.255.0
This will mean all packets from 192.168.2.x servers will be left unnatted till they get to your router.
You will obviously need to update your NAT statements on the router to reflect the change in subnet from 192.168.1.x to 192.168.2.x.
If you don't want to NAT any traffic from inside your PIX for any subnet you could just do
nat (inside) 0 0.0.0.0 0.0.0.0
HTH
Jon
09-19-2007 12:50 AM
Is it possible to ask your ISP for some additional IP addresses?