Greetings all, and thank you for taking the time to read this thread! I have two NAT questions for you today: I am replacing a Cisco PIX with an Astaro base firewall. I have a class C world-routable subnet on the external interface (they were given the address space when the getting was good). The PIX that I am replacing currently will NAT any internal address to a range of external IP addresses, rather than a single IP address. I didn't see any clear way to accomplish this using the Masquerade section. Has anyone done this or have any advice on how I might accomplish this? I am trying to replicate the same behavior as the PIX in regards to static NAT. I want to redirect incoming requests on a specific external IP address to an internal host. I also want this internal host to appear as though it is that same external Ip address when initiating communication outbound. I assume I have to use 2 statements (one for DNAT of the incoming requests and one for SNAT of the outgoing requests) but that didn't work too well. Do I accomplish this via a DNAT and a Masquerade? Any help and / or advice is much appreciated. Thanks! Dave

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cisco PIX style NAT?

isomtech over 15 years ago

Greetings all, and thank you for taking the time to read this thread!
I have two NAT questions for you today:

I am replacing a Cisco PIX with an Astaro base firewall. I have a class C world-routable subnet on the external interface (they were given the address space when the getting was good). The PIX that I am replacing currently will NAT any internal address to a range of external IP addresses, rather than a single IP address. I didn't see any clear way to accomplish this using the Masquerade section. Has anyone done this or have any advice on how I might accomplish this?
I am trying to replicate the same behavior as the PIX in regards to static NAT. I want to redirect incoming requests on a specific external IP address to an internal host. I also want this internal host to appear as though it is that same external Ip address when initiating communication outbound. I assume I have to use 2 statements (one for DNAT of the incoming requests and one for SNAT of the outgoing requests) but that didn't work too well. Do I accomplish this via a DNAT and a Masquerade?

Any help and / or advice is much appreciated.
Thanks!
Dave

This thread was automatically locked due to age.

Parents

Reply

Children

No Data