Solved

Cisco Pix One-to-One NAT

Posted on 2006-10-23
5
1,299 Views
Last Modified: 2007-11-27
I have several internal private ip's I need to NAT out using One-to-One address tranlations to public ip's. Will a Pix allow me bind (alias) several public ip addresses to a single interface? If so, what is the maximum number of aliases supported per interface? If not, is there a device better suited for the situation that offers basic firewall functionality?
0
Comment
Question by:lhaynes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 50 total points
ID: 17792033
Yes, you can. there is no specific limit.
You can even do 1-1 network translations.
i.e.  10.10.10.0 /24 to 12.34.56.0 /25 where:
 10.10.10.1 = 12.34.56.1
 10.10.10.2 = 12.34.45.2
 <etc>
what version PIX OS are you running?
Are these private IP's part of the same block of IP's in the same subnet assigned to your outside interface, or is this another subnet that the ISP is routing to you?
Either way, the syntax is the same:
 static (inside,outside) <public IP1> <private IP1> netmask 255.255.255.255
 static (inside,outside) <public IP2> <private IP2> netmask 255.255.255.255
 static (inside,outside) <public IP3> <private IP3> netmask 255.255.255.255
 static (inside,outside) <public IP4> <private IP4> netmask 255.255.255.255
<etc>

0
 
LVL 7

Expert Comment

by:instillmotion
ID: 17792042
PIX has no problem natting. There is no limitation, you can NAT to as many IPs as your ip Block permits.
0
 

Author Comment

by:lhaynes
ID: 17792165
Thanks, lrmoore. That's exactly what I was looking for. I haven't purchased one yet, but soon will. To answer your question, it's another subnet my ISP is routing to me.
0
 

Author Comment

by:lhaynes
ID: 17792201
One more quick question regarding reverse NAT. In your example, would a machine on the internet would be able to access public IP1, 2, 3, 4 and their respective translations bound on the same interface?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17792223
As long as you create access-lists to permit it, yes these systems will be acessible by their public IP's from the world
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question