Re: Pix 515E Disabling PAT
- From: RG <nobody@xxxxxxxxxxx>
- Date: Fri, 11 May 2012 08:46:26 -0400
On 5/10/2012 10:20 AM, Marco Giuliani wrote:
On 09/05/2012 22:38, RG wrote:
The problem with this is if I am a client behind the firewall ie
192.168.1.132 port 30456 connecting to server outside of the firewall ie
192.168.5.30 port 5060. I would like that the ip/port appearing to the
server should be the external ip of the firewall preserving original
port number ie 192.168.5.1 port 30456.
Yes. You're right.
Now that you explain to me, when configuring exemption, I suppose,
firewall is routing packets.
In that case, the server never had a return route. I just changed it and it works.
ok.
Is there a way to do this with just NAT and no PAT? Can you use static
statements for outbound connections? If so, how?
static (inside,outside) 192.168.5.132 192.168.1.132
"Static NAT allows bidirectional connection initiation, both to and from
the host (if an access rule exists that allows it). With dynamic NAT and
PAT, on the other hand, each host uses a different address or port for
each subsequent translation, so bidirectional initiation is not supported."
On the other hand, every time you map many real addresses (e.g. inside
subnet 192.168.1.0/24) to a single global address (e.g. interface public
address), the PIX firewall does port address translation.
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface
This is excellent. Thanks for all your help.
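
Added example, not part of the original thread: a simplified Python model of the two translation modes discussed above, using the thread's addresses, to show that the static mapping keeps the source port and permits inbound initiation only when an access rule allows it, while PAT rewrites the port and drops unsolicited inbound traffic. The class names, the boolean ACL flag, and the sequential PAT port allocation starting at 1024 are assumptions for illustration, not a description of how the PIX allocates ports.

```python
import ipaddress

class StaticNat:
    """static (inside,outside) <global> <real>: fixed 1:1 address mapping."""
    def __init__(self, global_ip, real_ip):
        self.global_ip, self.real_ip = global_ip, real_ip

    def outbound(self, src_ip, src_port):
        # Only the address is rewritten; the source port is preserved.
        return (self.global_ip, src_port) if src_ip == self.real_ip else None

    def inbound(self, dst_ip, dst_port, acl_permits):
        # Outside hosts can initiate, but only when an access rule allows it.
        if dst_ip == self.global_ip and acl_permits:
            return (self.real_ip, dst_port)
        return None

class DynamicPat:
    """nat (inside) 1 <net> <mask> with global (outside) 1 interface."""
    def __init__(self, inside_net, interface_ip, first_port=1024):
        self.net = ipaddress.ip_network(inside_net)
        self.interface_ip = interface_ip
        self.next_port = first_port   # assumption: sequential allocation
        self.xlate = {}               # mapped port -> (real ip, real port)

    def outbound(self, src_ip, src_port):
        if ipaddress.ip_address(src_ip) not in self.net:
            return None
        mapped, self.next_port = self.next_port, self.next_port + 1
        self.xlate[mapped] = (src_ip, src_port)
        return (self.interface_ip, mapped)

    def inbound(self, dst_ip, dst_port):
        # Only traffic to a port with a live translation reaches an inside host.
        return self.xlate.get(dst_port) if dst_ip == self.interface_ip else None

def demo():
    static = StaticNat("192.168.5.132", "192.168.1.132")
    pat = DynamicPat("192.168.1.0/24", "192.168.5.1")
    return {
        "static_out": static.outbound("192.168.1.132", 30456),
        "static_in_acl": static.inbound("192.168.5.132", 5060, True),
        "static_in_no_acl": static.inbound("192.168.5.132", 5060, False),
        "pat_out": [pat.outbound("192.168.1.132", 30456) for _ in range(2)],
        "pat_in_unsolicited": pat.inbound("192.168.5.1", 5060),
        "pat_in_reply": pat.inbound("192.168.5.1", 1024),
    }

if __name__ == "__main__":
    print(demo())
```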