Solved

Cisco PIX SNAT

Posted on 2008-10-31
5
944 Views
Last Modified: 2012-05-05
I did this once and didn't record how to do it..

What is the syntax for creating a SNAT in a pix?
Example: I have 1.1.1.1/29 as my outside IP pool. I have a global NAT outbound for 1.1.1.2. I want to SNAT 192.168.1.5 to 1.1.1.3 on port 3389.

How could I accomplish this?
0
Comment
Question by:jcs5003
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 22855585
static (inside,outside) tcp 1.1.1.3 3389 192.168.1.5 3389 netmask 255.255.255.255
0
 
LVL 2

Author Comment

by:jcs5003
ID: 22857919
Maybe I'm reading it wrong, but that looks like a DNAT to me. I need the (inside) address 192.168.1.5 to use 1.1.1.3 for outbound 3389.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22858692
It depends on which side of the line you're on as to whether it is S or D NAT.
I understood that outside users will hit 1.1.1.3/3389 for RDP to server 192.168.1.5
If that is correct, then the command is correct. It is SNAT from the perspective of the 192.168.1.5 host and DNAT from the perspective of anything on the outside that can hit 1.1.1.3.
Any static pat/nat xlate is actually bi-directional
0
 
LVL 2

Author Comment

by:jcs5003
ID: 22859626
static (inside,outside) tcp 192.168.1.5 3389 1.1.1.3 3389 netmask 255.255.255.255

Would NAT the inside address of 192.168.1.5 to 1.1.1.3 on 3389 outbound, correct?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 125 total points
ID: 22861170
No, this would...
static (inside,outside) tcp 1.1.1.3 3389 192.168.1.5 3389 netmask 255.255.255.255
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cisco Pix/ASA hairpinning The term, hairpinning, comes from the fact that the traffic comes from one source into a router or similar device, makes a U-turn, and goes back the same way it came. Visualize this and you will see something that looks …
This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question