[c-nsp] Two static NAT statements for a local private IP address on PIX 6.3, possible?

Laurent Geyer lgeyer at 085zehn.com
Tue Oct 3 00:04:23 EDT 2006


On 10/2/06, Dave Lim <dave.daturax at gmail.com> wrote:
>
> Hi Group,
>
> This is a scenario I have not encountered before so I need you guys' help. I
> have a customer who is using Cisco PIX 6.3 with 4 interfaces. They are
> outside, dmz, inside, corp_net.
>
> Apparently, the DMZ interface is using a public routable IP address. For
> traffic going from the DMZ to the outside interface, I did a NAT 0. But now
> the user wants to NAT the DMZ public IP address to corp_net (10.84.5.15).
>
> Can a local IP address have 2 static NAT statements? Or can PIX keep an
> xlate table with 2 global entries?
>
> this is the xlate table
>
> PAT Global outside_pix(54133) Local 10.84.2.3(21584)
> PAT Global outside_pix(40830) Local 10.84.2.3(35194)
> Global 10.84.1.114 Local 10.84.1.114
> Global dmz_notes_01 Local dmz_notes_01
> Global 10.84.1.113 Local 10.84.1.113


Would help to see a `show nat', `show global', `show route' and `show ip
address' (obfuscated if need be).

> and the Static NAT statements.
> static (dmz,outside) dmz_notes_01 dmz_notes_01 netmask 255.255.255.248 0 0


Are you sure this is a /29 and not a /32?

> static (dmz,corp_net) 10.84.5.15 dmz_notes_01 netmask 255.255.255.255


What are you trying to accomplish with that translation?

