Solved

NAT issue from Network A to Network B

Posted on 2004-11-09
Last Modified: 2010-04-10
Need to NAT network A to network B.

Network A = 192.168.1.1 INSIDE int
                   209.40.171.195 OUTSIDE int
                   192.168.1.x/24 is inside network behind PIX 501

Network B = 64.136.73.201 PUB int concentrator
                  172.16.0.1/16 is internal network

I need the 192.168.1.x/24 traffic to be translated into a 172.16.x.x/16 address.

Please advise.
0
Question by:MCHDMISDEPT
9 Comments
 
LVL 5

Expert Comment

by:martap
ID: 12538243

Just create a LAN-2-LAN tunnel between the PIX and the Concentrator. On the concentrator under "Configuration>Policy Management>Traffic Management>NAT>Enable" check the "LAN-to-LAN Tunnel NAT Rule Enabled". Then under "LAN-to-LAN Rules" define your NAT desires...

Good luck...
0
 

Author Comment

by:MCHDMISDEPT
ID: 12538315
OK... that is where I am currently looking... I have never set up a LAN-to-LAN NAT... What is my source network? What is the translated network? Remote network?

Please advise.
0
 
LVL 5

Expert Comment

by:martap
ID: 12538412

Will you need bi-directional traffic (I don't mean the return traffic)? I mean, will clients on the 192.168.1.0 network initiate traffic to the 172.16.x.x network, and will clients on the 172.16.x.x initiate traffic to the 192.168.1.0 network? Or will it only be 192.168.1.0 clients initiating traffic to 172.16.x.x?
0

 

Author Comment

by:MCHDMISDEPT
ID: 12538446
192 will initiate to 172...
0
 
LVL 5

Expert Comment

by:martap
ID: 12538516

Oh and you will need to subnet the 172.16.x.x network. So let's say 172.16.1.0/24. You map 192.168.1.0/24 to 172.16.1.0/24. You will then have to add a route on your 172.16.x.x router that subnet 172.16.1.0/24 can be found at the concentrator. If you don't need one2one mapping you could make that subnet a lot smaller.
0
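The subnet mapping described in the comment above, worked through as an added example (not part of the original thread and not Cisco code). The function name `plan_static_nat`, the in-use host list and the sample client address are assumptions made for illustration; the check rejects a translated subnet that falls outside 172.16.0.0/16, differs in size from the source, or contains addresses already in use.

```python
import ipaddress

def plan_static_nat(source, translated, remote_internal, in_use=()):
    """Validate a one-to-one network NAT plan; return a host translator.

    Hypothetical planning helper: it only does address arithmetic and
    does not configure any device.
    """
    src = ipaddress.ip_network(source)
    trans = ipaddress.ip_network(translated)
    remote = ipaddress.ip_network(remote_internal)
    if src.overlaps(remote):
        raise ValueError(f"{src} already overlaps {remote}")
    # The translated range must be a subnet of the remote internal network,
    # otherwise hosts there will not treat it as local address space.
    if not trans.subnet_of(remote):
        raise ValueError(f"{trans} is not carved out of {remote}")
    # One-to-one mapping keeps the host bits, so both sides must be equal size.
    if trans.prefixlen != src.prefixlen:
        raise ValueError("one-to-one mapping needs equal-size subnets")
    # Addresses already assigned inside the remote network must stay untouched.
    clashes = [str(h) for h in map(ipaddress.ip_address, in_use) if h in trans]
    if clashes:
        raise ValueError(f"translated subnet contains live hosts: {clashes}")

    def translate(host):
        ip = ipaddress.ip_address(host)
        if ip not in src:
            raise ValueError(f"{ip} is outside {src}")
        offset = int(ip) - int(src.network_address)
        return str(trans.network_address + offset)

    return translate

if __name__ == "__main__":
    # Networks from the thread; 172.16.0.1 is the internal address it lists.
    to_remote = plan_static_nat("192.168.1.0/24", "172.16.1.0/24",
                                "172.16.0.0/16", in_use=["172.16.0.1"])
    # Constructed sample client on the PIX inside network.
    print("192.168.1.57 ->", to_remote("192.168.1.57"))
```
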
 

Author Comment

by:MCHDMISDEPT
ID: 12538534
OK, so what do I need to put into source network? Translated network? And remote network?
0
 
LVL 5

Expert Comment

by:martap
ID: 12538563

source: 192.168.1.0/24
trans: new subnet
remote: 0.0.0.0/0
0
 

Author Comment

by:MCHDMISDEPT
ID: 12538643
OK, I added the entries you suggested. Now, under the LAN-to-LAN area in the concentrator... how do I make this NAT rule apply to this LAN-to-LAN connection?
0
 
LVL 5

Accepted Solution

by:
martap earned 1000 total points
ID: 12538907

What you're trying to realize can be fixed simpler:

http://www.cisco.com/en/US/partner/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml

Check it, this is done completely on the PIX.
0

Question has a verified solution.
