Cisco PIX SNAT

I did this once and didn't record how to do it..

What is the syntax for creating a SNAT in a pix?
Example: I have 1.1.1.1/29 as my outside IP pool. I have a global NAT outbound for 1.1.1.2. I want to SNAT 192.168.1.5 to 1.1.1.3 on port 3389.

How could I accomplish this?
LVL 2
jcs5003Asked:
Who is Participating?
 
lrmooreCommented:
No, this would...
static (inside,outside) tcp 1.1.1.3 3389 192.168.1.5 3389 netmask 255.255.255.255
0
 
lrmooreCommented:
static (inside,outside) tcp 1.1.1.3 3389 192.168.1.5 3389 netmask 255.255.255.255
0
 
jcs5003Author Commented:
Maybe I'm reading it wrong, but that looks like a DNAT to me. I need the (inside) address 192.168.1.5 to use 1.1.1.3 for outbound 3389.
0
 
lrmooreCommented:
It depends on which side of the line you're on as to whether it is S or D NAT.
I understood that outside users will hit 1.1.1.3/3389 for RDP to server 192.168.1.5
If that is correct, then the command is correct. It is SNAT from the perspective of the 192.168.1.5 host and DNAT from the perspective of anything on the outside that can hit 1.1.1.3.
Any static pat/nat xlate is actually bi-directional
0
 
jcs5003Author Commented:
static (inside,outside) tcp 192.168.1.5 3389 1.1.1.3 3389 netmask 255.255.255.255

Would NAT the inside address of 192.168.1.5 to 1.1.1.3 on 3389 outbound, correct?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.