[c-nsp] PIX xlate/nat question
info at beprojects.com
Fri Jun 10 16:34:04 EDT 2005
Upgrade to 6.3(4) and use Policy NAT (I know it's new in 6.3 something,
but I'm not sure of the exact image, however I know for sure it is in 6.3.4):
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#wp1113601
Burton Windle wrote:
> I have a PIX, running 6.2(3), configured as this:
>
> internet <--> 2620 router <--> Pix <--> switch <--> netflow server
>
> I am trying to figure out a way to allow my 2620 to export netflow data to
> the netflow server (10.5.1.34) by using the netflow server's internal IP
> (due to a shortage of external IPs), and yet still NAT outgoing
> connections from the netflow server.
>
> I had a static entry in my PIX's config that allowed netflow data from my
> 2620 to reach the netflow server; however, any data sent from the netflow
> server out to the 'net wasn't being NAT'ed (and thus being
> blocked by my border router's bogon ACL)
>
> The static entry I had was:
> static (inside,outside) 10.5.1.34 10.5.1.34 netmask 255.255.255.255 0 0
>
> After I removed the above static line, it was getting NAT'ed correctly, but
> of course, the 2620 couldn't talk inward anymore.
>
> Is what I'm wanting to do possible; have one device outside the PIX talk
> to an internal device by its internal IP, but have outgoing traffic from
> that internal device still be NAT'ed properly?
>
>
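A sketch of how the Policy NAT suggested in the reply could be applied to the setup in the question, added here as an illustration and not taken from either poster's configuration. It assumes PIX 6.3 syntax; the 2620's address (192.0.2.1), the ACL names, the NetFlow export port (UDP 9996), the inside subnet mask and the existing nat/global pair are all constructed placeholders. Lines starting with ":" are annotations.

```cisco
: Before (from the question): an unconditional identity static.
: Every packet from 10.5.1.34 leaves untranslated, so Internet-bound
: traffic hits the border router's bogon ACL.
:   static (inside,outside) 10.5.1.34 10.5.1.34 netmask 255.255.255.255 0 0

: After: the identity translation applies only when the peer is the 2620.
: 192.0.2.1 is a placeholder for the 2620's PIX-facing address.
access-list netflow_identity permit ip host 10.5.1.34 host 192.0.2.1
static (inside,outside) 10.5.1.34 access-list netflow_identity

: All other traffic from the server falls through to dynamic NAT/PAT.
: This nat/global pair is assumed to exist already; shown for context.
nat (inside) 1 10.5.1.0 255.255.255.0 0 0
global (outside) 1 interface

: Let only the NetFlow export in, and only from the 2620.
: UDP 9996 is a placeholder; match the port set on the router's
: "ip flow-export destination" line.
access-list outside_in permit udp host 192.0.2.1 host 10.5.1.34 eq 9996
access-group outside_in in interface outside
```

After applying it, `clear xlate` drops stale translations, and `show xlate` should list the identity entry for flows to the 2620 while the server's other outbound connections show the PAT address.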