Section 9.0: IP Services and Protocol-Independent Features

9.1. Network Address Translation (NAT)

  1. Configure NAT on PIX for VLAN2 to 164.15.4.20, as demonstrated in the following example:

    access-list nonat permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
    nat (inside) 0 access-list nonat
    nat (inside) 2 10.1.1.0 255.255.255.0 0 0
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    global (outside) 1 164.15.4.254
    global (outside) 2 164.15.4.20
    
    
    
    ! Ping from R1 to anywhere on the network sourcing from VLAN2 network.
    ! eg 22.22.22.22
    
    r1#ping ip
    Target IP address: 22.22.22.22
    Repeat count [5]:
    Datagram size [100]:
    Timeout in seconds [2]:
    Extended commands [n]: y
    Source address or interface: 10.1.1.1 Type of service [0]: Set DF bit in IP header? [no]: Validate reply ...

Get CCIE Security Practice Labs now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.