Solved

Cisco PIX SNAT

Posted on 2008-10-31
Last Modified: 2012-05-05
I did this once and didn't record how to do it.

What is the syntax for creating a SNAT in a pix?
Example: I have 1.1.1.1/29 as my outside IP pool. I have a global NAT outbound for 1.1.1.2. I want to SNAT 192.168.1.5 to 1.1.1.3 on port 3389.

How could I accomplish this?
0
Question by:jcs5003
5 Comments
 
LVL 79

Expert Comment

by:lrmoore
static (inside,outside) tcp 1.1.1.3 3389 192.168.1.5 3389 netmask 255.255.255.255
0
 
LVL 2

Author Comment

by:jcs5003
Maybe I'm reading it wrong, but that looks like a DNAT to me. I need the (inside) address 192.168.1.5 to use 1.1.1.3 for outbound 3389.
0
 
LVL 79

Expert Comment

by:lrmoore
It depends on which side of the line you're on as to whether it is S or D NAT.
I understood that outside users will hit 1.1.1.3/3389 for RDP to server 192.168.1.5.
If that is correct, then the command is correct. It is SNAT from the perspective of the 192.168.1.5 host and DNAT from the perspective of anything on the outside that can hit 1.1.1.3.
Any static PAT/NAT xlate is actually bi-directional.
0
 
LVL 2

Author Comment

by:jcs5003
static (inside,outside) tcp 192.168.1.5 3389 1.1.1.3 3389 netmask 255.255.255.255

Would NAT the inside address of 192.168.1.5 to 1.1.1.3 on 3389 outbound, correct?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 125 total points
No, this would...
static (inside,outside) tcp 1.1.1.3 3389 192.168.1.5 3389 netmask 255.255.255.255
0
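
The bidirectional xlate discussed in this thread, modelled as an added Python example that is not part of the original posts and is not PIX code: it parses both `static` lines posted above and shows which flows each one translates. The function names and the source port 49152 are constructed for illustration.

```python
# Added example: toy model of a PIX static PAT xlate (illustrative, not PIX code).
import re
from typing import NamedTuple, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)

class StaticPat(NamedTuple):
    proto: str
    global_ip: str
    global_port: int
    local_ip: str
    local_port: int

# static (real_if,mapped_if) proto GLOBAL_IP gport LOCAL_IP lport netmask MASK
STATIC_RE = re.compile(
    r"static \(\w+,\w+\) (tcp|udp) (\S+) (\d+) (\S+) (\d+) netmask \S+")

def parse_static(line: str) -> StaticPat:
    m = STATIC_RE.fullmatch(line.strip())
    if m is None:
        raise ValueError(f"not a static PAT line: {line!r}")
    proto, gip, gport, lip, lport = m.groups()
    return StaticPat(proto, gip, int(gport), lip, int(lport))

def inbound_destination(x: StaticPat, dst: Endpoint) -> Optional[Endpoint]:
    """Outside -> inside: rewrite the destination if it hits the global side."""
    return (x.local_ip, x.local_port) if dst == (x.global_ip, x.global_port) else None

def outbound_source(x: StaticPat, src: Endpoint) -> Optional[Endpoint]:
    """Inside -> outside: rewrite the source if it is the local ip AND port.
    None means this static does not match, so the dynamic nat/global rule
    (1.1.1.2 in the question) would translate the packet instead."""
    return (x.global_ip, x.global_port) if src == (x.local_ip, x.local_port) else None

# The two lines posted in the thread.
ACCEPTED = "static (inside,outside) tcp 1.1.1.3 3389 192.168.1.5 3389 netmask 255.255.255.255"
REVERSED = "static (inside,outside) tcp 192.168.1.5 3389 1.1.1.3 3389 netmask 255.255.255.255"

def demo() -> dict:
    ok, rev = parse_static(ACCEPTED), parse_static(REVERSED)
    return {
        "inbound": inbound_destination(ok, ("1.1.1.3", 3389)),
        "server_reply": outbound_source(ok, ("192.168.1.5", 3389)),
        # 49152 is a constructed ephemeral client port
        "host_as_client": outbound_source(ok, ("192.168.1.5", 49152)),
        "reversed_reply": outbound_source(rev, ("192.168.1.5", 3389)),
    }
```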
