Version 5.2.4 or later, had a feature that allows you to map different PAT
address for NAT pools. SO in essence what you will do is create separate NAT
pools,
nat (inside) 1 10.1.0.0. 255.255.0.0
nat (inside) 2 10.2.0.0 255.255.0.0
global (outside) 1 <public address 1>
global (outside) 2 <puiblic address 2>
The overload is the nat parameter when doing Pating with Cisco Routers. The
acl works differently in PIX, they are more for restricting outbound
traffic.
Raj
-----Original Message-----
From: Vinod Anthony Joseph Cherunni [mailto:vac@dsqworld.com]
Sent: Thursday, July 05, 2001 10:23 AM
To: cisco-nsp@puck.nether.net
Subject: [nsp] REG: Cisco PIX Configuration
Dear All,
I have a few queries in regard to the Cisco PIX 525 configuration.
I would be very greatful if the configuration could be checked & I could
be enlightened on whether I am on the right path.
nameif ethernet0 inside security100
nameif ethernet1 outside security0
nameif ethernet2 dmz security60
nameif ethernet3 dmz1 security40
ip address inside 10.1.1.1 255.0.0.0
ip address outside 204.31.17.1 255.255.255.0
ip address dmz 204.31.16.1 255.255.255.0
ip address dmz1 204.31.15.1 255.255.255.0
nat (inside) 1 10.0.0.5 255.0.0.0
global (outside) 1 204.31.14.25
Question: How would I only allow a group og hosts to use an Overload NAT
address. Is it possible by only listing them one by one.
outbound 11 permit 10.1.1.1 255.255.255.255
outbound 11 deny 0 0
apply (inside) 11 outgoing_src
inbound 12 permit 0 0 204.31.16.0 255.255.255.0
inbound 12 deny 0 0
apply (outside) 12 incoming_src
Question: Are these two access lists correct?. Also can the access lists
replace the static & conduit statements.
Kindly enlighten me,
With warm regards,
Vinod.
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:44 EDT