NAT based on destination address in PIX

 
 
shinhyuk
      12-08-2003
Hi

I'm a newbie with the Cisco PIX Firewall.

How do I configure NAT based on destination in PIX (not source based)?

Can I get some examples?

Thanks in advance.








 
Walter Roberson
      12-08-2003
In article <br1gi9$g5j$(E-Mail Removed)>,
shinhyuk <(E-Mail Removed)> wrote:
:I'm newbie in Cisco PIX Firewall

:How to configure NAT based on destination in PIX (not source based)

Do you mean:

A) That when your users give a particular destination address 1.2.3.4,
you want the address to be silently re-written as if they had addressed
5.6.7.8 instead? Or

B) That when your users give a particular destination address 1.2.3.4,
that you want your user's source IP to be NAT'd to 5.6.7.8 instead
of the 5.6.9.15 that they would otherwise be NAT'd to?

If you are wanting (A), destination address re-writing, then you
want to use 'alias', or better yet, the newer 'outside nat' (PIX 6.2
onward.)

If you are wanting (B), that the address you want to be NAT'd into
depends on the destination, then you need "policy NAT", which is new
as of 6.3(2) I think it is.
--
Take care in opening this message: My grasp on reality may have shaken
loose during transmission!
 
shinhyuk
      12-08-2003
Thanks for your reply.

I want to go with (B), depending on destination.

Can I get some 'Policy NAT' examples?

Thanks a million.


"Walter Roberson" <(E-Mail Removed)-cnrc.gc.ca> wrote in message
news:br2e4i$990$(E-Mail Removed)...
> In article <br1gi9$g5j$(E-Mail Removed)>,
> shinhyuk <(E-Mail Removed)> wrote:
> :I'm newbie in Cisco PIX Firewall
>
> :How to configure NAT based on destination in PIX (not source based)
>
> Do you mean:
>
> A) That when your users give a particular destination address 1.2.3.4,
> you want the address to be silently re-written as if they had addressed
> 5.6.7.8 instead? Or
>
> B) That when your users give a particular destination address 1.2.3.4,
> that you want your user's source IP to be NAT'd to 5.6.7.8 instead
> of the 5.6.9.15 that they would otherwise be NAT'd to?
>
> If you are wanting (A), destination address re-writing, then you
> want to use 'alias', or better yet, the newer 'outside nat' (PIX 6.2
> onward.)
>
> If you are wanting (B), that the address you want to be NAT'd into
> depends on the destination, then you need "policy NAT", which is new
> as of 6.3(2) I think it is.
> --
> Take care in opening this message: My grasp on reality may have shaken
> loose during transmission!



 
Walter Roberson
      12-09-2003
In article <br2v8f$drg$(E-Mail Removed)>,
shinhyuk <(E-Mail Removed)> wrote:
:Can I get a 'Policy NAT' examples ?

http://www.cisco.com/univercd/cc/td/...mr.htm#1032129

There are two examples just before 'Related Commands'.
--
Admit it -- you peeked ahead to find out how this message ends!
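
As an added example (not from the original posts or from the Cisco page linked above), a PIX 6.3 policy NAT configuration for scenario (B) could look like the following. The inside network 10.0.0.0/24, the ACL name and the NAT IDs are assumptions; 1.2.3.4, 5.6.7.8 and 5.6.9.15 are the placeholder addresses used earlier in the thread.

```cisco
: Added example; all addresses are placeholders or assumptions.
: Assumed inside LAN: 10.0.0.0/24 behind the "inside" interface.

: Match inside hosts only when the destination is 1.2.3.4.
: PIX access-lists take subnet masks, not wildcard masks.
access-list POLICY_DEST permit ip 10.0.0.0 255.255.255.0 host 1.2.3.4

: Policy NAT: traffic matching the ACL is translated to 5.6.7.8.
nat (inside) 2 access-list POLICY_DEST
global (outside) 2 5.6.7.8

: All other traffic from the inside LAN keeps the usual translation.
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 5.6.9.15
```

`show xlate` lists the active translations, so you can confirm which global address a given connection received.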
 
shinhyuk
      12-09-2003
Thanks for your help!

Your answer is very helpful to me.

Best regards,


"Walter Roberson" <(E-Mail Removed)-cnrc.gc.ca> wrote in message
news:br37ic$khd$(E-Mail Removed)...
> In article <br2v8f$drg$(E-Mail Removed)>,
> shinhyuk <(E-Mail Removed)> wrote:
> :Can I get a 'Policy NAT' examples ?
>
> http://www.cisco.com/univercd/cc/td/...mr.htm#1032129
>
> There are two examples just before 'Related Commands'.
> --
> Admit it -- you peeked ahead to find out how this message ends!



 
ishi_us
      05-22-2009
I have also checked the same (scenario B) on a PIX, and it works properly.
But I need to do the same on a router.
Is this possible?
I should explain my scenario as well.

When source = 10.0.0.1 and destination = 192.168.1.1, it should NAT the source IP 10.0.0.1 ---> 172.20.10.1

which means the access-list will be

access-list 101 permit ip host 10.0.0.1 host 192.168.1.1

and the NAT statement is

ip nat pool test 172.20.10.1 172.20.10.1 prefix-length 24
ip nat inside source list 101 pool test

The above statements are not working on the router.

Kindly help me resolve this issue.

I should add that I already have NAT working on the 10.0.0.0/24 network with an access list for Internet:

access-list 13 permit 10.0.0.0 0.0.0.255
ip nat inside source list 13 interface FastEthernet0/3 overload

Hope you got it all.
Waiting for your highly appreciated response.

Regards,
Ishtiaq Ahmed
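
As an added example (not part of the original thread), one common way to express destination-dependent source NAT on an IOS router is to bind each translation to a route-map and keep the two match conditions mutually exclusive. The route-map names, ACL 113, the inside interface FastEthernet0/0 and the assumption that both destinations are reached through FastEthernet0/3 are hypothetical; the addresses, ACL 101 and pool `test` come from the post above.

```cisco
! Added example; names and interface roles are assumptions.
interface FastEthernet0/0
 ip nat inside
interface FastEthernet0/3
 ip nat outside

! Specific flow: 10.0.0.1 talking to 192.168.1.1
access-list 101 permit ip host 10.0.0.1 host 192.168.1.1

! General rule: the rest of 10.0.0.0/24, with the specific flow excluded
access-list 113 deny   ip host 10.0.0.1 host 192.168.1.1
access-list 113 permit ip 10.0.0.0 0.0.0.255 any

route-map NAT-TO-192 permit 10
 match ip address 101
route-map NAT-GENERAL permit 10
 match ip address 113

! Translate the specific flow to 172.20.10.1, everything else to the interface
ip nat pool test 172.20.10.1 172.20.10.1 prefix-length 24
ip nat inside source route-map NAT-TO-192 pool test
ip nat inside source route-map NAT-GENERAL interface FastEthernet0/3 overload
```

`show ip nat translations` shows which inside global address each flow received.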
 