[c-nsp] PIX + NAT for selected host based on protocol
Prit Patel
shahtejal at gmail.com
Thu Jul 14 07:24:33 EDT 2005
Hello All,
We have a PIX 525 with 5 interfaces and failover, running 6.0 IOS.
We have enabled NAT for the INSIDE1 subnet.
Now we want to enable NAT only for a few clients of the INSIDE1 subnet, and
for the rest we don't want to enable NAT.
E.g. for 5 clients NAT should be enabled only for telnet-icmp to the internet.
For 3 clients NAT should be enabled for protocol IP.
I gave the following commands but it's not working.

nameif ethernet0 outside security0
nameif ethernet3 inside1 security60
access-list 101 permit ip host 10.10.12.3 any
access-list 101 deny icmp 10.10.12.0 255.255.255.240 any
access-list 101 deny tcp 10.10.12.0 255.255.255.240 any eq www
access-list 101 deny tcp 10.10.12.0 255.255.255.240 any eq telnet
access-list 101 deny tcp host 10.10.12.65 any
access-list 101 permit ip 10.10.12.128 255.255.255.128 any
ip address outside 1.2.3.4 255.255.255.0
ip address noc 10.10.12.1 255.255.255.0
global (outside) 1 x.x.x.x netmask 255.255.255.0
nat (inside1) 0 access-list 101
nat (inside1) 1 172.16.2.0 255.255.255.0 0 0

In the above config, NAT for host 10.10.12.65 is not working.
How can I enable such a thing in PIX?
Regards
prit
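
The configuration posted above, traced per host as an added example (not part of the original post and not Cisco code). It models ordinary first-match ACL evaluation with an implicit deny and assumes the NAT-exemption ACL honours the protocol and port fields exactly as written, which the post does not establish for PIX 6.0; the function names are hypothetical.

```python
import ipaddress

# access-list 101 from the post: (action, protocol, source net/mask, dest port)
ACL_101 = [
    ("permit", "ip",   "10.10.12.3/255.255.255.255",   None),
    ("deny",   "icmp", "10.10.12.0/255.255.255.240",   None),
    ("deny",   "tcp",  "10.10.12.0/255.255.255.240",   80),   # eq www
    ("deny",   "tcp",  "10.10.12.0/255.255.255.240",   23),   # eq telnet
    ("deny",   "tcp",  "10.10.12.65/255.255.255.255",  None),
    ("permit", "ip",   "10.10.12.128/255.255.255.128", None),
]
# Source networks named by the post's "nat (inside1) 1" statement.
NAT_1 = ["172.16.2.0/255.255.255.0"]


def in_net(host, net):
    """True if host falls inside net (PIX-style subnet mask notation)."""
    return ipaddress.ip_address(host) in ipaddress.ip_network(net)


def first_match(src, proto, dport=None):
    """Return (ACL line, action) of the first matching entry.

    (None, "deny") means nothing matched and the implicit deny applies.
    """
    for line, (action, acl_proto, net, port) in enumerate(ACL_101, 1):
        if acl_proto not in ("ip", proto):
            continue
        if not in_net(src, net):
            continue
        if port is not None and port != dport:
            continue
        return line, action
    return None, "deny"


def nat_decision(src, proto, dport=None):
    """Combine nat 0 (exempt on ACL permit) with the nat 1 source match."""
    line, action = first_match(src, proto, dport)
    if action == "permit":
        return f"exempt (nat 0, ACL line {line})"
    if any(in_net(src, net) for net in NAT_1):
        return "translate (nat 1 -> global 1)"
    return "no nat rule matches"


if __name__ == "__main__":
    # Constructed sample flows; sources are taken from the post's ranges.
    for flow in [("10.10.12.3", "tcp", 80), ("10.10.12.5", "icmp", None),
                 ("10.10.12.65", "tcp", 23), ("10.10.12.200", "tcp", 80)]:
        print(flow, "->", nat_decision(*flow))
```
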