Solved

Cisco Pix One-to-One NAT

Posted on 2006-10-23
5
1,291 Views
Last Modified: 2007-11-27
I have several internal private ip's I need to NAT out using One-to-One address tranlations to public ip's. Will a Pix allow me bind (alias) several public ip addresses to a single interface? If so, what is the maximum number of aliases supported per interface? If not, is there a device better suited for the situation that offers basic firewall functionality?
0
Comment
Question by:lhaynes
  • 2
  • 2
5 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 50 total points
ID: 17792033
Yes, you can. there is no specific limit.
You can even do 1-1 network translations.
i.e.  10.10.10.0 /24 to 12.34.56.0 /25 where:
 10.10.10.1 = 12.34.56.1
 10.10.10.2 = 12.34.45.2
 <etc>
what version PIX OS are you running?
Are these private IP's part of the same block of IP's in the same subnet assigned to your outside interface, or is this another subnet that the ISP is routing to you?
Either way, the syntax is the same:
 static (inside,outside) <public IP1> <private IP1> netmask 255.255.255.255
 static (inside,outside) <public IP2> <private IP2> netmask 255.255.255.255
 static (inside,outside) <public IP3> <private IP3> netmask 255.255.255.255
 static (inside,outside) <public IP4> <private IP4> netmask 255.255.255.255
<etc>

0
 
LVL 7

Expert Comment

by:instillmotion
ID: 17792042
PIX has no problem natting. There is no limitation, you can NAT to as many IPs as your ip Block permits.
0
 

Author Comment

by:lhaynes
ID: 17792165
Thanks, lrmoore. That's exactly what I was looking for. I haven't purchased one yet, but soon will. To answer your question, it's another subnet my ISP is routing to me.
0
 

Author Comment

by:lhaynes
ID: 17792201
One more quick question regarding reverse NAT. In your example, would a machine on the internet would be able to access public IP1, 2, 3, 4 and their respective translations bound on the same interface?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17792223
As long as you create access-lists to permit it, yes these systems will be acessible by their public IP's from the world
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Radius Debug Error 16 58
Botnet detection help me please 21 85
Is WiFi half-duplex or Full -duplex 4 33
Viber-Only Restriction 6 26
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now