manual hide nat, how?

[wysiwyg21]

Simple config: NG FP two interface firewall. I have a network object, subnet 10.1.1.0/24. I want to use hide nat for http, translating the private addresses to a valid address of 172.16.1.2 ( external int on firewall is set at 172.16.1.1/24 ).

For automatic hide nat the network object has options for setting the valid address to be used. But, for manual nat how can I dictate that I want the private addresses of the network object translated to the valid address of 172.16.1.2?

 

[Piloria]

im not sure what you are refering to when you say manual NAT.
whenever you want to set up NAT rules use automatic NAT
put the internal address in the general properties and the valid external address in the NAT section
set translation setting to hide.

If you wanting to write the rule specificly then i can give instructions on that but i would recomend automatic NAT

 

[ChrisAC]

If you want to do it manually you just create objects for both the internal object and the external object and put those into the NAT rules. Original = internal object, translated = external object.

However, I would agree with Piloria that you are far better off just using automatic NAT within the internal object. Is there any reason that you don't want to do this?

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[wysiwyg21]

Thanks for the responses. This is only an excersize so I can understand the capabilies of the product. The documentation I have does not elaborate on configuration for manual hide nat. However it does mention its use if you want to translate only for specific protocols ( http ). Once I get my eval running again I will try this. So, iproute, if I create a host object with addr 172.16.1.2, then add this as the translated source ( add hide ) my invalid source addresses will be translated to 172.16.1.2?