Solved

CISCO PIX 520

Posted on 2014-04-23
3
31 Views
Last Modified: 2015-09-09
I'm creating a tunnel  but 4 IP address needs to be natted, What is the command for natting one ip to another ip considering it 4 IP. The rest were working  and doesn't need to be natted.

should i issue a command per single IP?
0
Comment
Question by:vegbang
3 Comments
 
LVL 10

Accepted Solution

by:
Rafael earned 500 total points
ID: 40019190
From a management and security aspect you should have a nat for each IP instance. That way you can add the ACL's, Policies and other items onto each Nat in the future. Especially if something was needed to change.

The CLI command is

nat (if_name) nat_id local_ip [netmask]

So an example display would be nat (inside) 1 10.10.0.0 255.255.0.0
0
 

Author Comment

by:vegbang
ID: 40019274
should i create an object-group? here is what happen i have 10 IP needs to have a tunnel . Then 4 of it have a duplicate IP on the other side , i have created a NAT before but its all the network (10.3.6.0  nat to 192.3.6.0) but now i they are requiring me to do a NAT on that 4 IP.

ex.

10.3.7.1 nat to 192.168.4.2
10.3.7.3 nat to 192.168.4.6
 10.3.7.5 nat to 192.168.4.7
10.3.7.6 nat to 192.168.4.9

im confuse now. Should i use this command
access-list VPN_TEST_NAT permit ip 10.3.7.0 255.255.255.0 192.168.4.0 255.255.255.0
static (inside,outside) 192.168.4.0 access-list VPN_SQL_NAT


or
i will create on each IP?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40019532
A PIX 520? Im all misty eyed, I didn't think any were left in production?

This looks like VPN traffic - by default its probably being no natted (nat0)

show run nat

will tell you?

What OS is the firewall running? if its 520 It might be still running v6?

show ver

will tell you.

Pete
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cisco Pix/ASA hairpinning The term, hairpinning, comes from the fact that the traffic comes from one source into a router or similar device, makes a U-turn, and goes back the same way it came. Visualize this and you will see something that looks …
This article assumes you have at least one Cisco ASA or PIX configured with working internet and a non-dynamic, public, address on the outside interface. If you need instructions on how to enable your device for internet, or basic configuration info…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
Concerto provides fully managed cloud services and the expertise to provide an easy and reliable route to the cloud. Our best-in-class solutions help you address the toughest IT challenges, find new efficiencies and deliver the best application expe…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now