GroupStudy.com GroupStudy.com - A virtual community of network engineers
Home BookStore StudyNotes Links Archives StudyRooms HelpWanted Discounts Login
Re: NAT'ing based on source AND destination posted 12/03/2002
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next] 
PIX OS 6.2 can do bi-directional NAT. But only from outside to inside,
don't know whether it can be used in your case.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/relnotes/pixrn622.htm#xtocid17

>From: "Ritchie, Brian" >Reply-To: "Ritchie, Brian" >To:
"'security@xxxxxxxxxxxxxx'" >Subject: NAT'ing based on source AND
destination >Date: Tue, 3 Dec 2002 16:23:06 -0000 > >Hello all, > >Is
there any way on a pix to perform NAT based on source AND destination ? >
>For example, my internal network is 10.1.1.0/24 and I PAT all clients
>leaving the internal network using the external interface IP address.
>However, when an internal client wants to connect to a specific internet
>host x.x.x.x I want to NAT to a different IP in my public address space.
> >I am aware of associating a nat rule with an access-list, but this is
only >possible if you dont want to nat for VPN's etc (ie nat (inside) 0).
> >I've looked around and cant find any examples of how to do this,
although I >have seen it done on other firewall implementations, using
Checkpoint for >example. > >Any help or work arounds are greatly
appriciated. > >FYI ...... I am using software version 6.1(4) and dont
have any other >devices to perform further NATing above or below the
firewall. > >Thanks in advance, Brian > > >This e-mail and any files
transmitted with it are intended solely for the >addressee and are
confidential. They may also be legally privileged. >Copyright in them is
reserved by Delphis Consulting PLC ["Delphis"] and >they must not be
disclosed to, or used by, anyone other than the addressee. > >If you have
received this e-mail and any accompanying files in error, you >may not
copy, publish or use them in any way and you should delete them >from
your system and notify us immediately. > >E-mails are not secure. Delphis
does not accept responsibility for changes >to e-mails that occur after
they have been sent. > >Any opinions expressed in this e-mail may be
personal to the author >and may not necessarily reflect the opinions of
Delphis.

------------------------------------------------------------------------

the new MSN 8 and get 2 months FREE*