Solved

CISCO PIX 520

Posted on 2014-04-23
3
40 Views
Last Modified: 2015-09-09
I'm creating a tunnel  but 4 IP address needs to be natted, What is the command for natting one ip to another ip considering it 4 IP. The rest were working  and doesn't need to be natted.

should i issue a command per single IP?
0
Comment
Question by:vegbang
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 10

Accepted Solution

by:
Rafael earned 500 total points
ID: 40019190
From a management and security aspect you should have a nat for each IP instance. That way you can add the ACL's, Policies and other items onto each Nat in the future. Especially if something was needed to change.

The CLI command is

nat (if_name) nat_id local_ip [netmask]

So an example display would be nat (inside) 1 10.10.0.0 255.255.0.0
0
 

Author Comment

by:vegbang
ID: 40019274
should i create an object-group? here is what happen i have 10 IP needs to have a tunnel . Then 4 of it have a duplicate IP on the other side , i have created a NAT before but its all the network (10.3.6.0  nat to 192.3.6.0) but now i they are requiring me to do a NAT on that 4 IP.

ex.

10.3.7.1 nat to 192.168.4.2
10.3.7.3 nat to 192.168.4.6
 10.3.7.5 nat to 192.168.4.7
10.3.7.6 nat to 192.168.4.9

im confuse now. Should i use this command
access-list VPN_TEST_NAT permit ip 10.3.7.0 255.255.255.0 192.168.4.0 255.255.255.0
static (inside,outside) 192.168.4.0 access-list VPN_SQL_NAT


or
i will create on each IP?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40019532
A PIX 520? Im all misty eyed, I didn't think any were left in production?

This looks like VPN traffic - by default its probably being no natted (nat0)

show run nat

will tell you?

What OS is the firewall running? if its 520 It might be still running v6?

show ver

will tell you.

Pete
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question