sscottincanyon
asked on
Pix 501 NAT with Local to Local IP address.
Good day all experts!!!
I have another easy question for you Cisco guys. I am just not seeing the right solution no matter what I try.
Issue:
I have a Pix 501.
Normal configuration with a few RDP connections nothing too exciting.
I set up an IPSEC site to site Tunnel. It is working great as far as connecting.
I have a server that is 192.168.102.1.
I have been requested to put in a NAT statement that points all traffic coming to 192.168.102.222 to NAT to 192.168.102.1.
I tried using a simple static command like:
static (inside,inside) 192.168.102.222 192.168.102.1
That doesn't seem to do the trick. I am rusty on the PIX as I haven't worked on one in a couple of years.
Request:
Lead me in the right direction of how to NAT a local to a local address, where to put the commands what commands they are and so forth. An article on the subject would be great as well. Not just a NAT article but maybe a step by step.
I know that is a huge request in the details, but just any help at all would be appreciated.
Thank you!!!
I have another easy question for you Cisco guys. I am just not seeing the right solution no matter what I try.
Issue:
I have a Pix 501.
Normal configuration with a few RDP connections nothing too exciting.
I set up an IPSEC site to site Tunnel. It is working great as far as connecting.
I have a server that is 192.168.102.1.
I have been requested to put in a NAT statement that points all traffic coming to 192.168.102.222 to NAT to 192.168.102.1.
I tried using a simple static command like:
static (inside,inside) 192.168.102.222 192.168.102.1
That doesn't seem to do the trick. I am rusty on the PIX as I haven't worked on one in a couple of years.
Request:
Lead me in the right direction of how to NAT a local to a local address, where to put the commands what commands they are and so forth. An article on the subject would be great as well. Not just a NAT article but maybe a step by step.
I know that is a huge request in the details, but just any help at all would be appreciated.
Thank you!!!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Jesper's comment above should solve the issue without having to work or make any configuration on the pix.
Cheers,
Rajesh
Cheers,
Rajesh
Hey Pete,
Looked at http://www.petenetlive.com/eeanswers/petelonganswers.html#ta5
How did ya do it man, gr8 one. Mind sharing ?
Cheers,
Rajesh
Looked at http://www.petenetlive.com/eeanswers/petelonganswers.html#ta5
How did ya do it man, gr8 one. Mind sharing ?
Cheers,
Rajesh
ASKER
Ok here is what I did:
I was unable to get away with adding the secondary IP address to the card with what the remote customer wanted to do.
So I setup a ACL with the IP address and ports needed, and then added a static entry to that access list. Works like a charm.
I don't know how to give you the points, when clearly I didn't use the solution. So how about I just divide it all down the middle, since you did take the time to help me out, and I REALLY appreciate the time and energy you guys put into all this.
Thank you,
Shon R. Scott
www.websofknowledge.org
I was unable to get away with adding the secondary IP address to the card with what the remote customer wanted to do.
So I setup a ACL with the IP address and ports needed, and then added a static entry to that access list. Works like a charm.
I don't know how to give you the points, when clearly I didn't use the solution. So how about I just divide it all down the middle, since you did take the time to help me out, and I REALLY appreciate the time and energy you guys put into all this.
Thank you,
Shon R. Scott
www.websofknowledge.org
ASKER
Here is what I need:
I have an IPSEC tunnel setup between two locations.
I am at the main location.
The remote location needs to be able to hit 192.168.102.1, but going to the IP address 192.168.102.222. They already have a client setup on 192.168.102.1, so they requested that I NAT the traffic from 192.168.102.222 to 192.168.102.1, so that they are using 192.168.102.222 as the IP that they communicate with.
I hope that helps, I am so sorry for the confusion, please ask anything at all to help clarify it even more.
Thank you!!!