GroupStudy.com - CCIE, CCNA, CCNP and other Cisco Certifications

Home

BookStore

StudyNotes

Links

[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]

Subject: RE: NAT\Alias
From: "Jim" <systemboard@xxxxxxxxxx>
Date: Tue, 3 Dec 2002 22:50:49 -0500 (EST)

Since Justin brings up the alias command can someone explain the alias command with a real example?  I have read about alias on CCO and the explanation does not register.  I was under the impression the alias command had to do with not running DNS on an internal network and having illegal addressing on the inside.

Confused.

JT


 --- On Tue 12/03, Justin Menga  wrote:From: Justin Menga [mailto: Justin.Menga@xxxxxxxxxxxxxx]To: Brian.Ritchie@xxxxxxxxxxx, security@xxxxxxxxxxxxxxxxxx: Wed, 4 Dec 2002 15:00:37 +1300 Subject: RE: NAT'ing based on source AND destinationHi,

You can use the alias command for this.

Regards,
Justin

-----Original Message-----
From: Ritchie, Brian [mailto:Brian.Ritchie@xxxxxxxxxxx] 
Sent: Wednesday, December 04, 2002 5:23 AM
To: 'security@xxxxxxxxxxxxxx'
Subject: NAT'ing based on source AND destination


Hello all,

Is there any way on a pix to perform NAT based on source AND destination ?

For example, my internal network is 10.1.1.0/24 and I PAT all clients
leaving the internal network using the external interface IP address.
However, when an internal client wants to connect to a specific internet
host x.x.x.x I want to NAT to a different IP in my public address space.

I am aware of associating a nat rule with an access-list, but this is only
possible if you dont want to nat for VPN's etc (ie nat (inside) 0).

I've looked around and cant find any examples of how to do this, although I
have seen it done on other firewall implementations, using Checkpoint for
example.

Any help or work arounds are greatly appriciated.

FYI ...... I am using software version 6.1(4) and dont have any other
devices to perform further NATing above or below the firewall.

Thanks in advance, Brian


This e-mail and any files transmitted with it are intended solely for the
addressee and are confidential. They may also be legally privileged.
Copyright in them is reserved by Delphis Consulting PLC ["Delphis"] and they
must not be disclosed to, or used by, anyone other than the addressee.

If you have received this e-mail and any accompanying files in error, you
may not copy, publish or use them in any way and you should delete them from
your system and notify us immediately.

E-mails are not secure.  Delphis does not accept responsibility for changes
to e-mails that occur after they have been sent.

Any opinions expressed in this e-mail may be personal to the author and may
not necessarily reflect the opinions of Delphis.


_______________________________________________
Join Excite! - http://www.excite.com
The most personalized portal on the Web!

Follow-Ups:
- Re: NAT\Alias
  - From: James
- Cat 6k IOS/CatOS
  - From: Michael Jia

Prev by Date: RE: encryption on gre tunnel
Next by Date: RE: NAT\Alias
Previous by thread: RE: How to hide/hash the clear-text ISAKMP pre-shared key in IOS config
Next by thread: Re: NAT\Alias
Index(es):
- Date
- Thread