PIX Nat0 exclusions

From: Frank Wells (fwells11@hotmail.com)
Date: Fri Sep 16 2005 - 12:36:40 GMT-3


I have just inherited a PIX that uses Nat0 because the company uses public
ip addressing on their LAN. I am in the middle of converting them over to
private (RFC 1918) addressing and have a subnet I now need to allow a static
translation to. I have 4 internal subnets that I am using right now and
the statements to give them Internet access are:

nat (inside) 2 10.170.139.0 255.255.255.0 0 0
nat (inside) 2 10.170.140.0 255.255.255.0 0 0
nat (inside) 2 10.170.141.0 255.255.255.0 0 0
nat (inside) 2 10.170.142.0 255.255.255.0 0 0

I need to static the device on 10.170.139.44 to a public ip address. All
the public address space is currently Nat0 but I need to use one of the
addresses for the static nat.

I tried using these statements but don't know why they work.

For reference, here are the existing statements which Nat0 the existing
address space:

nat (inside) 0 access-list nonat
access-list nonat permit ip 206.171.109.128 255.255.255.128 any
access-list nonat permit ip 206.170.226.128 255.255.255.128 any
access-list nonat permit ip 206.171.90.128 255.255.255.192 any

static (inside,outside) 206.170.226.193 10.170.139.44 netmask 255.255.255.255 0 0
conduit permit tcp host 206.170.226.193 eq www any

Once I get the web access working over the static nat I will nail it down to
specific source addresses but I can't even get wide open access to work.

I can ping the 10.170.139.44 device from the PIX so internal routing is
working fine.

My thoughts are that because the Ip address I want to use falls within the
Nat0 range it is causing a problem. Can I exclude it from the Nat0 range
and if so how?

Could use some help please fellas...
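Added example, not part of the original post: on PIX 6.x a nat 0 access-list is walked in order, so a deny entry placed before the permit removes that one address from NAT exemption (exemption is bidirectional, so the overlapping identity translation for 206.170.226.193 is what would otherwise shadow the static). This assumes the addresses and names quoted above; the exempted and the corrected ACL are shown side by side.

```text
! As posted: the whole /25 is exempted, including the address used by the static
nat (inside) 0 access-list nonat
access-list nonat permit ip 206.170.226.128 255.255.255.128 any

! Corrected (assumed fix): carve the single host out before the permit line,
! then the static is the only translation that matches 206.170.226.193
no access-list nonat permit ip 206.170.226.128 255.255.255.128 any
access-list nonat deny   ip host 206.170.226.193 any
access-list nonat permit ip 206.171.109.128 255.255.255.128 any
access-list nonat permit ip 206.170.226.128 255.255.255.128 any
access-list nonat permit ip 206.171.90.128  255.255.255.192 any
nat (inside) 0 access-list nonat

static (inside,outside) 206.170.226.193 10.170.139.44 netmask 255.255.255.255 0 0

! Existing translations cache the old behaviour; clear them after the change
clear xlate

! Verify which translation the inside host now gets
show xlate
```

If the static still does not show up in `show xlate` after `clear xlate`, the overlap is not the cause and the conduit or outside routing is the next thing to check.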



This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:15 GMT-3