[c-nsp] Transparent NAT
Primoz Jeroncic
jp at softnet.si
Wed Sep 28 03:06:23 EDT 2005
On Fri, 23 Sep 2005, Mikisa Richard wrote:
> Hi,
>
> I need to do a 'transparent nat' on a cisco PIX-515E version 6.3(3). My
> network is mainly natted but in this case, I need to route global IPs
> down to a client. What i need is a straight global IP mapping, ie:
> static (inside,outside) x.x.x.x x.x.x.x netmask 255.255.255.255 0 0.
> Any ideas on how to configure?
>
> Cheers
> Richard
A bit late but hopefully it will still do... Why bother with static
nat at all? In this case I would just do like this:
nat (inside) 1 192.168.0.0 255.255.0.0
nat (inside) 0 x.x.x.0 255.255.255.0
! x.x.x.0/24 is public subnet which doesn't need to be translated
global (outside) 1 y.y.y.1 255.255.255.0
!
route inside x.x.x.0 255.255.255.0 192.168.0.1
! x.x.x.0/24 is routed somewhere behind PIX in inside network.
With this you get 192.168/16 translated to y.y.y.1 (or you can add static
NAT if you need it), while x.x.x.0 passes PIX without translation.
Regards,
Primoz Jeroncic
Support - IP Connectivity & Routing
-------------------------------------------------------------------
Softnet d.o.o. tel: +386 1 562 31 40 |
Borovec 2 fax: +386 1 562 18 55 | 1 + 1 = 3
1236 Trzin primoz(at)softnet.si | for larger values of 1
Slovenija http://flea.softnet.si/
-------------------------------------------------------------------
More information about the cisco-nsp
mailing list