RE: [fw-wiz] PIX Firewall, Help with nemask use in NAT and Global comands

From: Victor Williams (vbwilliams_at_essvote.net)
Date: 05/07/04

  • Next message: Paul D. Robertson: "Re: [fw-wiz] Worms, Air Gaps and Responsibility"
    To: "'Melson, Paul'" <PMelson@sequoianet.com>, "'Adel Guia Cruz'" <aguia@fifomi.gob.mx>, <firewall-wizards@honor.icsalabs.com>
    Date: Fri, 7 May 2004 08:26:55 -0500
    
    

    I think what he wants is (in additional to the global command):

    nat (inside) 1 192.168.10.10 netmask 255.255.255.255 0 0

     
    Victor Williams

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Melson, Paul
    Sent: Friday, May 07, 2004 7:57 AM
    To: Adel Guia Cruz; firewall-wizards@honor.icsalabs.com
    Subject: RE: [fw-wiz] PIX Firewall, Help with nemask use in NAT and Global
    comands

    For PAT for outbound browsing, use:

    global (outside) 1 interface

    For your one-to-one NAT, you would typically use:

    static (inside,outside) 190.190.190.195 192.168.10.10 netmask
    255.255.255.255 0 0

    But I'm not sure I understand your question or your objection to using
    'static'. Are you saying that you want a public IP address outside the
    firewall to appear as an IP address on the local subnet?

    PaulM

    > -----Original Message-----
    > I want to translate only one IP address from inside, for
    > example 192.168.10.10, to one IP address from outside
    > 190.190.190.195, so static NAT from inside to outside will be
    > perform. I no want to use the static command because the
    > translation is from inside to outside.
    >
    > Inside -----------------NAT------------------> Outside
    > Host 192.168.10.10------NAT--------------> 190.190.190.195
    _______________________________________________
    firewall-wizards mailing list firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Paul D. Robertson: "Re: [fw-wiz] Worms, Air Gaps and Responsibility"