Firewall Wizards mailing list archives
Re: PIX Firewall - Static NAT Entries
From: matt () neutrino cyberplex com
Date: Tue, 29 Dec 1998 16:53:36 -0600 (EST)
in reply to my own message, I have found out that this is not possible with the current version of the PIX fw software from a support person at Cisco Systems. The PIX firewall needs a one to one mapping for static entries. Also you cannot translate one external IP to another external IP. There is a nice command 'alias' for internal dual NAT, but unfortunately nothing for the external interface. /m@ On Mon, 28 Dec 1998, Matthew D. White wrote:
We have a PIX firewall, version 4(1)6 software. I would like to be able to translate a valid registered range of external IPs (ex. 207/24) to another range of valid external IPs (ex. 209/24) then the 209/24 IPs translate to private internal network numbers going out the inside interface. Currently the 207/24's translate to our 10/16 private network numbers. I would like to do this because our zone files have an expiry time far too high, and we will be losing the 207/24 before the expiry period of the zone files. I have of course now changed the zone file TTL but I would like to have all our 207's translate via the PIX to our new 209's so that the transition will be seemless. Does anyone know if this is possible? I experimented with options for the static command, and added conduits for the static entries as well, but with no luck. Any help would be greatly appreciated, please don't reply only to the list or I will not receive the email. Thank you very much. matt
Current thread:
- Re: PIX Firewall - Static NAT Entries matt (Jan 04)
- <Possible follow-ups>
- Re: PIX Firewall - Static NAT Entries Darren Reed (Jan 04)