[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1302
  • Last Modified:

Cisco Pix One-to-One NAT

I have several internal private ip's I need to NAT out using One-to-One address tranlations to public ip's. Will a Pix allow me bind (alias) several public ip addresses to a single interface? If so, what is the maximum number of aliases supported per interface? If not, is there a device better suited for the situation that offers basic firewall functionality?
0
lhaynes
Asked:
lhaynes
  • 2
  • 2
1 Solution
 
lrmooreCommented:
Yes, you can. there is no specific limit.
You can even do 1-1 network translations.
i.e.  10.10.10.0 /24 to 12.34.56.0 /25 where:
 10.10.10.1 = 12.34.56.1
 10.10.10.2 = 12.34.45.2
 <etc>
what version PIX OS are you running?
Are these private IP's part of the same block of IP's in the same subnet assigned to your outside interface, or is this another subnet that the ISP is routing to you?
Either way, the syntax is the same:
 static (inside,outside) <public IP1> <private IP1> netmask 255.255.255.255
 static (inside,outside) <public IP2> <private IP2> netmask 255.255.255.255
 static (inside,outside) <public IP3> <private IP3> netmask 255.255.255.255
 static (inside,outside) <public IP4> <private IP4> netmask 255.255.255.255
<etc>

0
 
instillmotionCommented:
PIX has no problem natting. There is no limitation, you can NAT to as many IPs as your ip Block permits.
0
 
lhaynesAuthor Commented:
Thanks, lrmoore. That's exactly what I was looking for. I haven't purchased one yet, but soon will. To answer your question, it's another subnet my ISP is routing to me.
0
 
lhaynesAuthor Commented:
One more quick question regarding reverse NAT. In your example, would a machine on the internet would be able to access public IP1, 2, 3, 4 and their respective translations bound on the same interface?
0
 
lrmooreCommented:
As long as you create access-lists to permit it, yes these systems will be acessible by their public IP's from the world
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now