From: Volkov, Dmitry (IDS Canada) (dmitry_volkov@ca.ml.com)
Date: Sat May 31 2003 - 23:15:03 GMT-3
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/config
/bafwcfg.htm#1063701
Starting with PIX Firewall version 6.2, NAT and PAT can be applied to
traffic from an outside or less secure interface to an inside (more secure)
interface. This functionality is called Outside NAT
However I just tried it with 6.21 - no luck :(
ip address outside 172.16.10.10 255.255.255.0
ip address inside 172.16.50.1 255.255.255.0
global (inside) 1 interface
nat (outside) 1 172.16.10.64 255.255.255.192 outside 0 0
conduit permit ip any any
No translation group found for icmp src outside:172.16.10.100 dst
inside:172.16.50.5 (type 8, code 0)
> -----Original Message-----
> From: Dong Lin [mailto:dlin22@comcast.net
> Sent: Saturday, May 31, 2003 8:10 PM
> To: ccielab@groupstudy.com
> Subject: Re: PIX NAT??
>
>
> The answer to your question is no.
>
> nat and global is used to let traffic from high security
> interface to low
> security interface.
>
> You need to use static and acl to let traffic from the
> outside interface to
> the inside interface (nat is performed by static command)
>
>
> ----- Original Message -----
> From: "Michael Popovich" <michael625@cox.net>
> To: <ccielab@groupstudy.com>
> Sent: Saturday, May 31, 2003 4:19 AM
> Subject: PIX NAT??
>
>
> > Can you NAT from the Outside interface to the Inside interface?
> >
> > I have:
> >
> > nat (outside) 1 0.0.0.0 0.0.0.0
> > global (inside) 1 interface
> >
> > This doesn't seem to work for me, now I am wondering if it
> is possible.
> >
> > MP
This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:10:50 GMT-3