Solved

CISCO PIX 520

Posted on 2014-04-23
3
41 Views
Last Modified: 2015-09-09
I'm creating a tunnel  but 4 IP address needs to be natted, What is the command for natting one ip to another ip considering it 4 IP. The rest were working  and doesn't need to be natted.

should i issue a command per single IP?
0
Comment
Question by:vegbang
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 10

Accepted Solution

by:
Rafael earned 500 total points
ID: 40019190
From a management and security aspect you should have a nat for each IP instance. That way you can add the ACL's, Policies and other items onto each Nat in the future. Especially if something was needed to change.

The CLI command is

nat (if_name) nat_id local_ip [netmask]

So an example display would be nat (inside) 1 10.10.0.0 255.255.0.0
0
 

Author Comment

by:vegbang
ID: 40019274
should i create an object-group? here is what happen i have 10 IP needs to have a tunnel . Then 4 of it have a duplicate IP on the other side , i have created a NAT before but its all the network (10.3.6.0  nat to 192.3.6.0) but now i they are requiring me to do a NAT on that 4 IP.

ex.

10.3.7.1 nat to 192.168.4.2
10.3.7.3 nat to 192.168.4.6
 10.3.7.5 nat to 192.168.4.7
10.3.7.6 nat to 192.168.4.9

im confuse now. Should i use this command
access-list VPN_TEST_NAT permit ip 10.3.7.0 255.255.255.0 192.168.4.0 255.255.255.0
static (inside,outside) 192.168.4.0 access-list VPN_SQL_NAT


or
i will create on each IP?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40019532
A PIX 520? Im all misty eyed, I didn't think any were left in production?

This looks like VPN traffic - by default its probably being no natted (nat0)

show run nat

will tell you?

What OS is the firewall running? if its 520 It might be still running v6?

show ver

will tell you.

Pete
0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question