Rich Myerly
07-25-2004, 01:41 AM
I have a need to do static source NAT for a single server on my inside
interface. The concern I have is that I must do this outbound to two
separate outside (lower security) interfaces. Here is my target
approach (IPs changed):
inside src 10.2.3.4 nat to 172.3.4.5 outbound on outside interface
inside src 10.2.3.4 nat to 172.3.4.5 outbound on outside2 interface
inside interface 10.2.3.1/28
outside interface 192.168.10.1/29 (towards internet)
I have done this previous with inbound destination NAT using statics,
but I get an error message when I try to do this via PDM (PIX 6.31, PDM
3.0) for outbound source NAT. Today, the source NAT is being done by
another device on the inside network, but it has to be moved to the
firewall now.
Thoughts? Which command do I use for this approach (static,
NAT/global), and do I create a routing problem for myself?
Thanks in advance for your assistance.
Rich
interface. The concern I have is that I must do this outbound to two
separate outside (lower security) interfaces. Here is my target
approach (IPs changed):
inside src 10.2.3.4 nat to 172.3.4.5 outbound on outside interface
inside src 10.2.3.4 nat to 172.3.4.5 outbound on outside2 interface
inside interface 10.2.3.1/28
outside interface 192.168.10.1/29 (towards internet)
I have done this previous with inbound destination NAT using statics,
but I get an error message when I try to do this via PDM (PIX 6.31, PDM
3.0) for outbound source NAT. Today, the source NAT is being done by
another device on the inside network, but it has to be moved to the
firewall now.
Thoughts? Which command do I use for this approach (static,
NAT/global), and do I create a routing problem for myself?
Thanks in advance for your assistance.
Rich