NAT to an ip address that isn't directly connected to a PIX 515

davefrag · Mar 27, 2012

Can an ip address be NAT'ed to an ip address on a PIX 515 which isn't an ip address of a network directly connected to an interface on the PIX 515?

Specifically, can a host with an ip address of 150.140.102.3/26 which is connected to a network whose PIX 515 firewall interface is 150.140.102.1/26 be NAT'ed to an ip address of 150.90.70.1/24 which is not a ip address of an interface that is dierctly connected to that same PIX 515?

ADB100 · Mar 29, 2012

I am not sure you have explained the scenario too well but here goes....

So you have an Inside host (150.140.102.3/26) directly connected to a PIX 515. The PIX 515 is the hosts gateway and its address is 150.140.102.1/26. The PIX has another interface which goes (maybe?) to the Internet. I assume there is a router connected to this interface and it has routes pointing to the PIX? If the routes cover network 150.90.70.1/32 then yes you can do the NAT you want.
The PIX will just receive the native packet with a destination IP address of 150.90.70.1 and will translate it to 150.140.102.3 before forwarding it out its 150.90.70.1 interface (assuming there are rules allowing it).

Andy

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

NAT to an ip address that isn't directly connected to a PIX 515

davefrag

IS-IT--Management

ADB100

Technical User

Similar threads

Part and Inventory Search

Sponsor