[c-nsp] PIX nat question
dinesh ks chakkaravarthy
dcks at rediffmail.com
Thu Nov 18 18:53:03 EST 2004
Hi All,
It is a very strange requirement. Basicaly PIX will do the NAT traslations on the outbound connections {means from higher security level(inside) to the lower security level(outside)}.
At the same time for inbound connections {lower security level(outside) to higher security level(inside)}the access-list will permit for NAT ip address of the Higer Security inerface.
So at any point of time translations happening for higher security interface.....................
On Fri, 19 Nov 2004 Robert Geller wrote :
>I have a PIX 515 running 6.3 code (I believe) and have a very basic setup. I have a few static translations for traffic from the outside to map to inside hosts. What I need to do, is NAT these connections behind the inside interface of the PIX. Currently,
>the static NAT is translating the destination, and keeping the source as the original client IP. I would like to change this, so the source is also NAT'd and the internal hosts see the connections coming from the PIX or some specified IP that isnt the client source.
>
>Im not sure if something like this would work:
>
>nat (outside) 0 0.0.0.0 0.0.0.0 0 0
>
>I suppose if I needed to, I can set up a global pool with 1 IP
>and Im not sure if this would work either:
>
>global (inside) 1 XX.XX.XX.XX
>nat (outside) 1 0.0.0.0 0.0.0.0 0 0
>
>Any advice / suggestions would be greatly appreciated.
>
>-Rob
>
>
>-- This message has been scanned for viruses and
>dangerous content, and is believed to be clean.
>
>_______________________________________________
>cisco-nsp mailing list cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
ever yours
dc
More information about the cisco-nsp
mailing list