Pix 501 NAT with Local to Local IP address.

Posted on 2007-08-01
Medium Priority
Last Modified: 2013-11-16
Good day all experts!!!
I have another easy question for you Cisco guys. I am just not seeing the right solution no matter what I try.

I have a Pix 501.
Normal configuration with a few RDP connections nothing too exciting.
I set up an IPSEC site to site Tunnel. It is working great as far as connecting.
I have a server that is
I have been requested to put in a NAT statement that points all traffic coming to to NAT to

I tried using a simple static command like:
static (inside,inside)
That doesn't seem to do the trick. I am rusty on the PIX as I haven't worked on one in a couple of years.

Lead me in the right direction of how to NAT  a local to a local address, where to put the commands what commands they are and so forth. An article on the subject would be great as well. Not just a NAT article but maybe a step by step.

I know that is a huge request in the details, but just any help at all would be appreciated.

Thank you!!!
Question by:sscottincanyon
LVL 58

Accepted Solution

Pete Long earned 1000 total points
ID: 19610202
Im confused - you  cant NAT a local address to a Local address on the same interface what are you trying to do ?

Author Comment

ID: 19610351
Ok, well I didn't think so either, but I wanted to be sure.

Here is what I need:
I have an IPSEC tunnel setup between two locations.
I am at the main location.
The remote location needs to be able to hit, but going to the IP address They already have a client setup on, so they requested that I NAT the traffic from to, so that they are using as the IP that they communicate with.

I hope that helps, I am so sorry for the confusion, please ask anything at all to help clarify it even more.

Thank you!!!
LVL 29

Assisted Solution

by:Jan Springer
Jan Springer earned 1000 total points
ID: 19612757
A shot in the dark: is an available IP in your network:

Add to the network interface card of your server as a secondary IP address and make sure that the app is either bound to any address or both addresses so that it's reachable.

If the secondary address does not arp on the pix, you can create an arp entry manually.
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

LVL 32

Expert Comment

ID: 19638231
Jesper's comment above should solve the issue without having to work or make any configuration on the pix.

LVL 32

Expert Comment

ID: 19705200
Hey Pete,

  Looked at http://www.petenetlive.com/eeanswers/petelonganswers.html#ta5

How did ya do it man, gr8 one. Mind sharing ?


Author Comment

ID: 19827740
Ok here is what I did:
I was unable to get away with adding the secondary IP address to the card with what the remote customer wanted to do.
So I setup a ACL with the IP address and ports needed, and then added a static entry to that access list. Works like a charm.

I don't know how to give you the points, when clearly I didn't use the solution. So how about I just divide it all down the middle, since you did take the time to help me out, and I REALLY appreciate the time and energy you guys put into all this.

Thank you,
Shon R. Scott

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question