Cisco Pix One-to-One NAT

Last Modified: 2007-11-27
I have several internal private IPs I need to NAT out using One-to-One address translations to public IPs. Will a Pix allow me to bind (alias) several public IP addresses to a single interface? If so, what is the maximum number of aliases supported per interface? If not, is there a device better suited for the situation that offers basic firewall functionality?

Sr. Systems Engineer
CERTIFIED EXPERT
Top Expert 2008
Commented:
Yes, you can. There is no specific limit.
You can even do 1-1 network translations.
i.e.  10.10.10.0 /24 to 12.34.56.0 /25 where:
 10.10.10.1 = 12.34.56.1
 10.10.10.2 = 12.34.45.2
 <etc>
What version of PIX OS are you running?
Are these private IP's part of the same block of IP's in the same subnet assigned to your outside interface, or is this another subnet that the ISP is routing to you?
Either way, the syntax is the same:
 static (inside,outside) <public IP1> <private IP1> netmask 255.255.255.255
 static (inside,outside) <public IP2> <private IP2> netmask 255.255.255.255
 static (inside,outside) <public IP3> <private IP3> netmask 255.255.255.255
 static (inside,outside) <public IP4> <private IP4> netmask 255.255.255.255
<etc>

Yves Accad, Network Security Engineer
CERTIFIED EXPERT

Commented:
PIX has no problem natting. There is no limitation; you can NAT to as many IPs as your IP block permits.

Author

Commented:
Thanks, lrmoore. That's exactly what I was looking for. I haven't purchased one yet, but soon will. To answer your question, it's another subnet my ISP is routing to me.

Author

Commented:
One more quick question regarding reverse NAT. In your example, would a machine on the internet be able to access public IP1, 2, 3, 4 and their respective translations bound on the same interface?
Les Moore, Sr. Systems Engineer
CERTIFIED EXPERT
Top Expert 2008

Commented:
As long as you create access-lists to permit it, yes, these systems will be accessible by their public IPs from the world.
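The thread's two points (one `static` per host, plus access-lists before anything is reachable from outside) can be combined in a small generator. This is an added example, not part of the original thread or any poster's code: it validates a one-to-one mapping table and emits the `static` lines shown above together with per-service permits. The function name `build_pix_config`, the ACL name `outside_in`, the 203.0.113.0/24 block and the sample hosts are assumptions, and the `access-list` / `access-group` lines assume classic PIX syntax in which the ACL matches the public address.

```python
import ipaddress

def build_pix_config(mappings, routed_block, acl="outside_in"):
    """mappings: list of (public_ip, private_ip, [(proto, port), ...]).

    Returns PIX config lines: one static per host, then only the
    inbound permits that were explicitly requested for that host.
    """
    block = ipaddress.ip_network(routed_block)
    seen_pub, seen_priv = set(), set()
    statics, permits = [], []
    for pub, priv, services in mappings:
        pub_ip, priv_ip = ipaddress.ip_address(pub), ipaddress.ip_address(priv)
        if pub_ip not in block:
            raise ValueError(f"{pub} is outside the routed block {block}")
        if not priv_ip.is_private:
            raise ValueError(f"{priv} is not a private address")
        if pub_ip in seen_pub or priv_ip in seen_priv:
            raise ValueError(f"{pub} <-> {priv} breaks the one-to-one mapping")
        seen_pub.add(pub_ip)
        seen_priv.add(priv_ip)
        statics.append(
            f"static (inside,outside) {pub} {priv} netmask 255.255.255.255")
        # A static alone exposes nothing inbound; each service needs its own
        # permit, so hosts with an empty service list stay unreachable.
        for proto, port in services:
            permits.append(
                f"access-list {acl} permit {proto} any host {pub} eq {port}")
    lines = statics + permits
    if permits:  # bind the ACL only if it actually has entries
        lines.append(f"access-group {acl} in interface outside")
    return lines

# Constructed sample data (documentation address range, hypothetical hosts).
SAMPLE = [
    ("203.0.113.10", "10.10.10.1", [("tcp", 443)]),
    ("203.0.113.11", "10.10.10.2", [("tcp", 25)]),
    ("203.0.113.12", "10.10.10.3", []),  # outbound translation only
]

if __name__ == "__main__":
    print("\n".join(build_pix_config(SAMPLE, "203.0.113.0/24")))
```

Listing services per host keeps the inbound ACL limited to what each translated system actually needs to offer, rather than opening every public IP to all traffic.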