Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 47
  • Last Modified:

CISCO PIX 520

I'm creating a tunnel  but 4 IP address needs to be natted, What is the command for natting one ip to another ip considering it 4 IP. The rest were working  and doesn't need to be natted.

should i issue a command per single IP?
0
vegbang
Asked:
vegbang
1 Solution
 
RafaelCommented:
From a management and security aspect you should have a nat for each IP instance. That way you can add the ACL's, Policies and other items onto each Nat in the future. Especially if something was needed to change.

The CLI command is

nat (if_name) nat_id local_ip [netmask]

So an example display would be nat (inside) 1 10.10.0.0 255.255.0.0
0
 
vegbangAuthor Commented:
should i create an object-group? here is what happen i have 10 IP needs to have a tunnel . Then 4 of it have a duplicate IP on the other side , i have created a NAT before but its all the network (10.3.6.0  nat to 192.3.6.0) but now i they are requiring me to do a NAT on that 4 IP.

ex.

10.3.7.1 nat to 192.168.4.2
10.3.7.3 nat to 192.168.4.6
 10.3.7.5 nat to 192.168.4.7
10.3.7.6 nat to 192.168.4.9

im confuse now. Should i use this command
access-list VPN_TEST_NAT permit ip 10.3.7.0 255.255.255.0 192.168.4.0 255.255.255.0
static (inside,outside) 192.168.4.0 access-list VPN_SQL_NAT


or
i will create on each IP?
0
 
Pete LongTechnical ConsultantCommented:
A PIX 520? Im all misty eyed, I didn't think any were left in production?

This looks like VPN traffic - by default its probably being no natted (nat0)

show run nat

will tell you?

What OS is the firewall running? if its 520 It might be still running v6?

show ver

will tell you.

Pete
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now