NAT based on destination address in PIX

Discussion in 'Cisco' started by shinhyuk, Dec 8, 2003.

  1. shinhyuk

    shinhyuk Guest

    Hi

    I'm a newbie with the Cisco PIX Firewall.

    How do I configure NAT based on destination in PIX (not source based)?

    Can I get some examples?

    Thanks in advance.
     
    shinhyuk, Dec 8, 2003
    #1

  2. :I'm a newbie with the Cisco PIX Firewall.

    :How do I configure NAT based on destination in PIX (not source based)?

    Do you mean:

    A) That when your users give a particular destination address 1.2.3.4,
    you want the address to be silently re-written as if they had addressed
    5.6.7.8 instead? Or

    B) That when your users give a particular destination address 1.2.3.4,
    that you want your user's source IP to be NAT'd to 5.6.7.8 instead
    of the 5.6.9.15 that they would otherwise be NAT'd to?

    If you are wanting (A), destination address re-writing, then you
    want to use 'alias', or better yet, the newer 'outside nat' (PIX 6.2
    onward.)

    If you are wanting (B), that the address you want to be NAT'd into
    depends on the destination, then you need "policy NAT", which is new
    as of 6.3(2) I think it is.
     
    Walter Roberson, Dec 8, 2003
    #2
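
    A configuration sketch of case (B) from the reply above, added here as an example; it is not part of the original posts. It uses PIX 6.3 policy NAT syntax with the placeholder addresses from the reply. The inside network 10.0.0.0/24, the interface names and the ACL name are assumptions.

```cisco
: Added example, not from the thread. PIX 6.3(2) or later.
: Assumptions: inside network 10.0.0.0/24, interfaces named
: "inside" and "outside", ACL name POLICY_TO_1234.
:
: Match only traffic from inside hosts to the destination 1.2.3.4
access-list POLICY_TO_1234 permit ip 10.0.0.0 255.255.255.0 host 1.2.3.4
:
: Policy NAT: sources matching the ACL are translated to 5.6.7.8 (PAT)
nat (inside) 1 access-list POLICY_TO_1234
global (outside) 1 5.6.7.8
:
: Regular NAT for all other destinations: translated to 5.6.9.15 (PAT)
nat (inside) 2 10.0.0.0 255.255.255.0
global (outside) 2 5.6.9.15
```

    After sending traffic to both kinds of destination, `show xlate` lists the active translations, so you can confirm which global address each flow received.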

  3. shinhyuk

    shinhyuk Guest

    Thanks for your reply.

    I want to go with (B), dependent on destination.

    Can I get 'Policy NAT' examples?

    Thanks a million
     
    shinhyuk, Dec 8, 2003
    #3
  4. Walter Roberson, Dec 9, 2003
    #4
  5. shinhyuk

    shinhyuk Guest

    Thanks for your help!

    Your answer is very helpful to me.

    Best regards,
     
    shinhyuk, Dec 9, 2003
    #5
  6. shinhyuk

    ishi_us

    I have also checked the same (scenario B) through PIX; it is working properly.
    But I need to do the same on a router.
    Is this possible?
    I should explain my scenario as well.

    When source = 10.0.0.1 and destination = 192.168.1.1, it should NAT source IP 10.0.0.1 ---> 172.20.10.1

    This means the access-list will be

    access-list 101 permit ip host 10.0.0.1 host 192.168.1.1

    and the NAT statement is

    ip nat pool test 172.20.10.1 172.20.10.1 prefix-length 24
    ip nat inside source list 101 pool test

    The above statements are not working on the router.

    Kindly help me resolve this issue.

    I should also mention that I already have NAT working on the 10.0.0.0/24 network with an access list for Internet:

    access-list 13 permit 10.0.0.0 0.0.0.255
    ip nat inside source list 13 interface FastEthernet 0/3 overload

    Hope you got it all.
    Waiting for your highly appreciated response.

    Regards,
    Ishtiaq Ahmed
     
    ishi_us, May 22, 2009
    #6