Pix 501 NAT with Local to Local IP address.

Good day all experts!!!
I have another easy question for you Cisco guys. I am just not seeing the right solution no matter what I try.

Issue:
I have a Pix 501.
Normal configuration with a few RDP connections, nothing too exciting.
I set up an IPSEC site to site Tunnel. It is working great as far as connecting.
I have a server that is 192.168.102.1.
I have been requested to put in a NAT statement that points all traffic coming to 192.168.102.222 to NAT to 192.168.102.1.

I tried using a simple static command like:
static (inside,inside) 192.168.102.222 192.168.102.1
That doesn't seem to do the trick. I am rusty on the PIX as I haven't worked on one in a couple of years.

Request:
Lead me in the right direction of how to NAT a local to a local address, where to put the commands, what commands they are, and so forth. An article on the subject would be great as well. Not just a NAT article but maybe a step by step.

I know that is a huge request in the details, but just any help at all would be appreciated.

Thank you!!!
sscottincanyon Asked:
 
Pete Long (Technical Consultant) Commented:
I'm confused - you can't NAT a local address to a local address on the same interface. What are you trying to do?
 
sscottincanyon (Author) Commented:
Ok, well I didn't think so either, but I wanted to be sure.

Here is what I need:
I have an IPSEC tunnel setup between two locations.
I am at the main location.
The remote location needs to be able to hit 192.168.102.1, but going to the IP address 192.168.102.222. They already have a client setup on 192.168.102.1, so they requested that I NAT the traffic from 192.168.102.222 to 192.168.102.1, so that they are using 192.168.102.222 as the IP that they communicate with.

I hope that helps, I am so sorry for the confusion, please ask anything at all to help clarify it even more.

Thank you!!!
 
Jan Springer Commented:
A shot in the dark: 192.168.102.222 is an available IP in your network:

Add 192.168.102.222 to the network interface card of your server as a secondary IP address and make sure that the app is either bound to any address or both addresses so that it's reachable.

If the secondary address does not arp on the pix, you can create an arp entry manually.
 
rsivanandan Commented:
Jesper's comment above should solve the issue without having to work or make any configuration on the pix.

Cheers,
Rajesh
 
rsivanandan Commented:
Hey Pete,

  Looked at http://www.petenetlive.com/eeanswers/petelonganswers.html#ta5

How did ya do it man, gr8 one. Mind sharing ?

Cheers,
Rajesh
 
sscottincanyon (Author) Commented:
Ok here is what I did:
I was unable to get away with adding the secondary IP address to the card with what the remote customer wanted to do.
So I set up an ACL with the IP address and ports needed, and then added a static entry to that access list. Works like a charm.

I don't know how to give you the points, when clearly I didn't use the solution. So how about I just divide it all down the middle, since you did take the time to help me out, and I REALLY appreciate the time and energy you guys put into all this.

Thank you,
Shon R. Scott
www.websofknowledge.org
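
Added example, not part of the original thread and not the poster's actual configuration: a sketch of what the last comment describes (an ACL plus a static that references it), written as PIX 6.3 policy static NAT. The ACL name SRV_ALIAS, the remote LAN 10.0.0.0/24, TCP port 3389 and the use of the `outside` interface for the tunnel are assumptions.

```cisco
! Attempt from the question, shown for comparison only. Both sides of the
! rule are the same interface, which is what the first reply objects to.
! static (inside,inside) 192.168.102.222 192.168.102.1

! Policy static NAT (requires PIX OS 6.3(2) or later).
! The ACL source is the REAL server address; the destination is the remote
! site's LAN. 10.0.0.0/24 and tcp/3389 are placeholders for the remote
! network and the service port the remote client actually uses.
access-list SRV_ALIAS permit tcp host 192.168.102.1 eq 3389 10.0.0.0 255.255.255.0

! Present 192.168.102.1 as 192.168.102.222, but only for traffic matching
! SRV_ALIAS. Other hosts keep their existing translation behaviour.
static (inside,outside) 192.168.102.222 access-list SRV_ALIAS

! Drop stale translation slots so the new rule is used.
clear xlate

! Checks after the remote site tests the connection:
!   - a translation between 192.168.102.222 and 192.168.102.1 should appear
!   - the hit counter on SRV_ALIAS should increase
show xlate
show access-list SRV_ALIAS

! Things to review alongside this rule:
!   - the crypto map match ACL must cover 192.168.102.222 as a local
!     address, so return traffic is still sent into the tunnel
!   - any "nat (inside) 0 access-list ..." exemption is evaluated before
!     static NAT; check that it does not also match this server's traffic
!     to the remote LAN
!   - keep the ACL limited to the remote LAN and the ports needed, so the
!     alias does not expose the server to other networks
```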