New Member

Nat in PIX

global (outside) 10 172.20.20.15 netmask 255.255.255.255

nat (inside) 10 10.32.0.0 255.252.0.0

This is the configuration of the PIX. My question is: if any traffic is coming from outside, to which IP will it be translated?

5 REPLIES
Bronze

Re: Nat in PIX

Hi,

Traffic from the outside to inside won't be translated.

The above configuration will translate traffic coming from the inside network 10.32.0.0 behind the outside IP 172.20.20.15.

New Member

Re: Nat in PIX

Is there ever an instance where Outside traffic would get translated going into a firewall etc?

Hall of Fame Super Blue

Re: Nat in PIX

Yes, if you set up a static translation rather than a dynamic translation, i.e.

static (inside,outside) 172.20.20.1 192.168.100.1 netmask 255.255.255.255

If the internal host 192.168.1.100 connects to a server on the outside, the source address is translated to 172.20.20.1.

If an external PC tries to connect to 172.20.20.1, it will be translated by the PIX to 192.168.1.100.

Static translations allow traffic to be initiated from both directions.

Jon

Hall of Fame Super Blue

Re: Nat in PIX

Rupesh

James is correct in what he says. More specifically, any traffic that is initiated from the outside will not be translated with the above configuration.

Traffic that is part of a connection that was initiated from the inside will be translated back to the original 10.32.0.0 address.

So if you go to a web page on the internet from 10.32.1.1, then as the traffic goes through the PIX the source IP address will be translated to 172.20.20.15. When the web server sends a packet back, the destination address is 172.20.20.15. When it arrives at the PIX, the firewall then translates the destination IP address back to 10.32.1.1.

Jon
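The behaviour described in the two replies above (dynamic translation only for connections initiated from the inside, static translation in both directions), as an added example that is not part of the original thread and is not Cisco code. The `NatBox` class, the starting port 1024 and the sample ports are constructed for illustration; the static entry uses the addresses exactly as written in the `static` command, and the model covers address translation only, not access lists.

```python
import ipaddress

class NatBox:
    """Toy translation table for the global/nat and static rules in this thread."""

    def __init__(self, pat_ip, inside_net):
        self.pat_ip = pat_ip                                  # global (outside) 10 <ip>
        self.inside_net = ipaddress.ip_network(inside_net)    # nat (inside) 10 <net> <mask>
        self.statics = {}       # global IP -> local IP (static entries)
        self.xlates = {}        # (global IP, port) -> (local IP, local port)
        self.next_port = 1024   # constructed starting port for dynamic mappings

    def add_static(self, global_ip, local_ip):
        self.statics[global_ip] = local_ip

    def outbound(self, src_ip, src_port):
        """Inside -> outside: translated (ip, port), or None if no rule matches."""
        for global_ip, local_ip in self.statics.items():
            if local_ip == src_ip:
                return (global_ip, src_port)      # one-to-one, port unchanged
        if ipaddress.ip_address(src_ip) in self.inside_net:
            key = (self.pat_ip, self.next_port)   # dynamic entry created on demand
            self.next_port += 1
            self.xlates[key] = (src_ip, src_port)
            return key
        return None

    def inbound(self, dst_ip, dst_port):
        """Outside -> inside: real (ip, port), or None when nothing matches."""
        if dst_ip in self.statics:
            return (self.statics[dst_ip], dst_port)   # works without prior traffic
        return self.xlates.get((dst_ip, dst_port))    # needs an existing dynamic entry

def demo():
    fw = NatBox("172.20.20.15", "10.32.0.0/255.252.0.0")
    fw.add_static("172.20.20.1", "192.168.100.1")
    unsolicited = fw.inbound("172.20.20.15", 80)      # outside-initiated, no entry yet
    out = fw.outbound("10.32.1.1", 40000)             # inside host opens a connection
    reply = fw.inbound(*out)                          # return traffic is untranslated
    static_in = fw.inbound("172.20.20.1", 80)         # outside-initiated to static IP
    static_out = fw.outbound("192.168.100.1", 40001)  # static host going out
    return unsolicited, out, reply, static_in, static_out

if __name__ == "__main__":
    print(demo())
```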

New Member

Re: Nat in PIX

So, taking the example of a router, any traffic initiated from outside will not be NATted with the command below.

"ip nat inside source list 15 interface Serial0/1/0:0 overload"
