Solved

Cisco PIX SNAT

Posted on 2008-10-31
5
943 Views
Last Modified: 2012-05-05
I did this once and didn't record how to do it..

What is the syntax for creating a SNAT in a pix?
Example: I have 1.1.1.1/29 as my outside IP pool. I have a global NAT outbound for 1.1.1.2. I want to SNAT 192.168.1.5 to 1.1.1.3 on port 3389.

How could I accomplish this?
0
Comment
Question by:jcs5003
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 22855585
static (inside,outside) tcp 1.1.1.3 3389 192.168.1.5 3389 netmask 255.255.255.255
0
 
LVL 2

Author Comment

by:jcs5003
ID: 22857919
Maybe I'm reading it wrong, but that looks like a DNAT to me. I need the (inside) address 192.168.1.5 to use 1.1.1.3 for outbound 3389.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22858692
It depends on which side of the line you're on as to whether it is S or D NAT.
I understood that outside users will hit 1.1.1.3/3389 for RDP to server 192.168.1.5
If that is correct, then the command is correct. It is SNAT from the perspective of the 192.168.1.5 host and DNAT from the perspective of anything on the outside that can hit 1.1.1.3.
Any static pat/nat xlate is actually bi-directional
0
 
LVL 2

Author Comment

by:jcs5003
ID: 22859626
static (inside,outside) tcp 192.168.1.5 3389 1.1.1.3 3389 netmask 255.255.255.255

Would NAT the inside address of 192.168.1.5 to 1.1.1.3 on 3389 outbound, correct?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 125 total points
ID: 22861170
No, this would...
static (inside,outside) tcp 1.1.1.3 3389 192.168.1.5 3389 netmask 255.255.255.255
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Overview The Cisco PIX 501, PIX 506e, ASA 5505 and ASA 5510 (most if not all of this information will be relevant to the PIX 515e but I do not have a working configuration handy to verify the validity) are primarily used within small to medium busi…
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question