• Status: Solved

CISCO PIX 520

I'm creating a tunnel, but 4 IP addresses need to be NATted. What is the command for NATting one IP to another IP, considering there are 4 IPs? The rest were working and don't need to be NATted.

Should I issue a command per single IP?
Asked by: vegbang
 
Rafael commented:
From a management and security aspect you should have a NAT for each IP instance. That way you can add the ACLs, policies and other items onto each NAT in the future, especially if something needed to change.

The CLI command is

nat (if_name) nat_id local_ip [netmask]

So an example display would be nat (inside) 1 10.10.0.0 255.255.0.0
 
vegbang (Author) commented:
Should I create an object-group? Here is what happened: I have 10 IPs that need to have a tunnel. Then 4 of them have a duplicate IP on the other side. I have created a NAT before, but it's all the network (10.3.6.0 NAT to 192.3.6.0), but now they are requiring me to do a NAT on those 4 IPs.

ex.

10.3.7.1 nat to 192.168.4.2
10.3.7.3 nat to 192.168.4.6
10.3.7.5 nat to 192.168.4.7
10.3.7.6 nat to 192.168.4.9

I'm confused now. Should I use this command:
access-list VPN_TEST_NAT permit ip 10.3.7.0 255.255.255.0 192.168.4.0 255.255.255.0
static (inside,outside) 192.168.4.0 access-list VPN_SQL_NAT

or will I create one for each IP?
 
Pete Long (Technical Consultant) commented:
A PIX 520? I'm all misty-eyed, I didn't think any were left in production?

This looks like VPN traffic - by default it's probably being no natted (nat0)

show run nat

will tell you?

What OS is the firewall running? If it's a 520 it might still be running v6?

show ver

will tell you.

Pete
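
One way to write the four per-host mappings from the thread as policy static NAT, added here as an example and not posted by anyone in the thread. It assumes a PIX OS release that supports policy NAT (`static ... access-list`); the ACL names are hypothetical, and REMOTE_NET / REMOTE_MASK are placeholders for the far-side network, which the thread does not give.

```cisco
: One ACL per inside host, scoped to traffic headed for the far side of the tunnel.
: ACL names and REMOTE_NET / REMOTE_MASK are placeholders (assumptions).
access-list NAT_HOST_1 permit ip host 10.3.7.1 REMOTE_NET REMOTE_MASK
access-list NAT_HOST_3 permit ip host 10.3.7.3 REMOTE_NET REMOTE_MASK
access-list NAT_HOST_5 permit ip host 10.3.7.5 REMOTE_NET REMOTE_MASK
access-list NAT_HOST_6 permit ip host 10.3.7.6 REMOTE_NET REMOTE_MASK

: One policy static per host: the mapped address applies only when the ACL matches,
: so all other traffic from these hosts is left untranslated by these entries.
static (inside,outside) 192.168.4.2 access-list NAT_HOST_1
static (inside,outside) 192.168.4.6 access-list NAT_HOST_3
static (inside,outside) 192.168.4.7 access-list NAT_HOST_5
static (inside,outside) 192.168.4.9 access-list NAT_HOST_6

: The crypto (interesting-traffic) ACL has to match the translated source,
: because translation happens before the packet is checked against the crypto map.
: VPN_CRYPTO is a hypothetical name for the ACL bound to the crypto map entry.
access-list VPN_CRYPTO permit ip host 192.168.4.2 REMOTE_NET REMOTE_MASK
access-list VPN_CRYPTO permit ip host 192.168.4.6 REMOTE_NET REMOTE_MASK
access-list VPN_CRYPTO permit ip host 192.168.4.7 REMOTE_NET REMOTE_MASK
access-list VPN_CRYPTO permit ip host 192.168.4.9 REMOTE_NET REMOTE_MASK

: Checks after applying:
:   show run nat   - confirm no "nat (inside) 0 access-list ..." entry still
:                    exempts these four hosts toward REMOTE_NET, since an
:                    exemption would bypass the statics above
:   show ver       - confirm the running OS version
:   show xlate     - confirm each host shows its expected mapped address
```

Keeping one ACL and one static per host matches the per-IP approach recommended in the first reply: each mapping can be changed or removed without touching the other three.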