Solved

Cisco Pix One-to-One NAT

Posted on 2006-10-23
5
1,296 Views
Last Modified: 2007-11-27
I have several internal private ip's I need to NAT out using One-to-One address tranlations to public ip's. Will a Pix allow me bind (alias) several public ip addresses to a single interface? If so, what is the maximum number of aliases supported per interface? If not, is there a device better suited for the situation that offers basic firewall functionality?
0
Comment
Question by:lhaynes
  • 2
  • 2
5 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 50 total points
ID: 17792033
Yes, you can. there is no specific limit.
You can even do 1-1 network translations.
i.e.  10.10.10.0 /24 to 12.34.56.0 /25 where:
 10.10.10.1 = 12.34.56.1
 10.10.10.2 = 12.34.45.2
 <etc>
what version PIX OS are you running?
Are these private IP's part of the same block of IP's in the same subnet assigned to your outside interface, or is this another subnet that the ISP is routing to you?
Either way, the syntax is the same:
 static (inside,outside) <public IP1> <private IP1> netmask 255.255.255.255
 static (inside,outside) <public IP2> <private IP2> netmask 255.255.255.255
 static (inside,outside) <public IP3> <private IP3> netmask 255.255.255.255
 static (inside,outside) <public IP4> <private IP4> netmask 255.255.255.255
<etc>

0
 
LVL 7

Expert Comment

by:instillmotion
ID: 17792042
PIX has no problem natting. There is no limitation, you can NAT to as many IPs as your ip Block permits.
0
 

Author Comment

by:lhaynes
ID: 17792165
Thanks, lrmoore. That's exactly what I was looking for. I haven't purchased one yet, but soon will. To answer your question, it's another subnet my ISP is routing to me.
0
 

Author Comment

by:lhaynes
ID: 17792201
One more quick question regarding reverse NAT. In your example, would a machine on the internet would be able to access public IP1, 2, 3, 4 and their respective translations bound on the same interface?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17792223
As long as you create access-lists to permit it, yes these systems will be acessible by their public IP's from the world
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question