Firewall Wizards mailing list archives
Re: PIX Firewall - Static NAT Entries
From: Darren Reed <darrenr () reed wattle id au>
Date: Wed, 30 Dec 1998 17:42:28 +1100 (EST)
In some email I received from Matthew D. White, sie wrote:
> We have a PIX firewall, version 4(1)6 software. I would like to be able to translate a valid registered range of external IPs (ex. 207/24) to another range of valid external IPs (ex. 209/24) then the 209/24 IPs translate to private internal network numbers going out the inside interface. Currently the 207/24's translate to our 10/16 private network numbers. I would like to do this because our zone files have an expiry time far too high, and we will be losing the 207/24 before the expiry period of the zone files. I have of course now changed the zone file TTL but I would like to have all our 207's translate via the PIX to our new 209's so that the transition will be seamless. Does anyone know if this is possible? I experimented with options for the static command, and added conduits for the static entries as well, but with no luck. Any help would be greatly appreciated, please don't reply only to the list or I will not receive the email.
I helped out on a project locally which had a similar sort of requirement for static translation, except that it was a /11 and /10 into a /19 and /20. The result can be found in the most recent beta for IP Filter (3.2.11beta2). However, this was only applied to outgoing translations (standard NAT), and isn't yet there for the reverse case.

Darren