Section 9.0: IP Services and Protocol-Independent Features

9.1. Network Address Translation (NAT)

  1. Configure NAT on PIX for VLAN2 to 164.15.4.20, as demonstrated in the following example:

    access-list nonat permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
    nat (inside) 0 access-list nonat
    nat (inside) 2 10.1.1.0 255.255.255.0 0 0
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    global (outside) 1 164.15.4.254
    global (outside) 2 164.15.4.20
    
    
    
    ! Ping from R1 to anywhere on the network sourcing from VLAN2 network.
    ! eg 22.22.22.22
    
    r1#ping ip
    Target IP address: 22.22.22.22
    Repeat count [5]:
    Datagram size [100]:
    Timeout in seconds [2]:
    Extended commands [n]: y
    Source address or interface: 10.1.1.1 Type of service [0]: Set DF bit in IP header? [no]: Validate reply ...

Get CCIE Security Practice Labs now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.