[c-nsp] PIX xlate/nat question

Jeff Kell jeff-kell at utc.edu
Fri Jun 10 16:38:04 EDT 2005


Burton Windle wrote:
> I have a PIX, running 6.2(3), configured as this:
> 
> internet <--> 2620 router <--> Pix <--> switch <--> netflow server
> 
> I am trying to figure out a way to allow my 2620 to export netflow data to 
> the netflow server (10.5.1.34) by using the netflow server's internal IP 
> (due to a shortage of external IPs), and yet still NAT outgoing 
> connections from the netflow server.

For monitoring purposes of devices outside the PIX, we make static translations from the inside devices to a valid outside IP, and apply appropriate access lists to be careful about what is permitted outside=>inside over those statics (typically only the external loopbacks). Have your outside devices point syslog/nde to the external statics. Works for importing syslog/nde as well as SNMP querying (set up external router access-groups permitting SNMP to the statics).

Jeff
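
A configuration sketch of the setup described in the reply above, added as an example and not part of the original post. Assumptions: 192.0.2.34 (outside static for the collector), 192.0.2.1 (the 2620's Loopback0), UDP 9996 as the NetFlow export port, the ACL names, and the SNMP community placeholder are all constructed for illustration.

```cisco
! Constructed values: 192.0.2.34 = outside static for 10.5.1.34,
! 192.0.2.1 = 2620 Loopback0, UDP 9996 = NetFlow export port chosen here.
!
! --- PIX 6.x ---
! One-to-one static so the outside router can reach the inside collector.
static (inside,outside) 192.0.2.34 10.5.1.34 netmask 255.255.255.255
! Permit only the router's loopback, only NetFlow export and syslog.
access-list outside_in permit udp host 192.0.2.1 host 192.0.2.34 eq 9996
access-list outside_in permit udp host 192.0.2.1 host 192.0.2.34 eq 514
! Everything else outside=>inside hits the implicit deny.
access-group outside_in in interface outside
!
! --- 2620 router ---
! Source exports and syslog from the loopback so they match the PIX ACL.
ip flow-export source Loopback0
ip flow-export destination 192.0.2.34 9996
logging source-interface Loopback0
logging 192.0.2.34
! Restrict SNMP polling to the collector's translated address.
access-list 10 permit 192.0.2.34
snmp-server community <community-placeholder> RO 10
```

Sourcing from the loopback matters: if the router exports from its physical interface address instead, the packets will not match the host entries in `outside_in` and are dropped at the PIX.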


