Section 9.0: IP Services and Protocol-Independent Features

9.1. Network Address Translation (NAT)

Configure NAT on PIX for VLAN2 to 164.15.4.20, as demonstrated in the following example:

access-list nonat permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 2 10.1.1.0 255.255.255.0 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 164.15.4.254
global (outside) 2 164.15.4.20



! Ping from R1 to anywhere on the network sourcing from VLAN2 network.
! eg 22.22.22.22

r1#ping ip
Target IP address: 22.22.22.22
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.1.1 Type of service [0]: Set DF bit in IP header? [no]: Validate reply ...

Get CCIE Security Practice Labs now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

CCIE Security Practice Labs by Fahim Hussain Yusuf Bhaiji

Section 9.0: IP Services and Protocol-Independent Features

9.1. Network Address Translation (NAT)

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly