Folks, In PIX v 6.0 Cisco introduces the concept of full bi-directional NAT. Put a PIX between two internetworks that have overlapping address domains and you can NAT specific resources in either direction. If you use alias you would also need to conduit to work around ASA. It can be done, but bi directional NAT is cleaner. Regards, Brian At 04:40 AM 4/27/2001 +0000, Firewalls-Digest wrote: >Date: Thu, 26 Apr 2001 10:00:28 -0400 >From: Paul Gracy <[EMAIL PROTECTED]> >Subject: RE: PIX address translation in multiple directions > >I wonder if there is a way to accomplish this via the 'alias' command in PIX >IOS. I've only been sort of following this thread, so I don't know for >sure. Also, you might be able to cheat by putting a screening router inside >the PIX on one side and using it for NAT ..... > >network 82 - router translates that to network 92 - pix - network 102 > >The PIX now only has to NAT the 102, not the 92 since it's already NAT'd by >the router. Sort of a square peg / big hammer approach, but... > >- -----Original Message----- >From: Carson Gaspar [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, April 25, 2001 5:31 PM >To: Whelpley, Corey; '[EMAIL PROTECTED]' >Cc: [EMAIL PROTECTED] >Subject: Re: PIX address translation in multiple directions > > >The ability you want is what some vendors call "illegal NAT". It is most >commonly used to handle the case where 2 companies are using the same >reserved address space, and each needs to be NAT'd into some neutral space >to the other. > >To the best of my knowledge, the PIX does _not_ have a means of doing this, >at least in 5.3(1). If I'm wrong, please let me know, as this would be a >very useful feature. > >- -- >Carson Gaspar - [EMAIL PROTECTED] >Queen trapped in a butch body >- - >[To unsubscribe, send mail to [EMAIL PROTECTED] with >"unsubscribe firewalls" in the body of the message.] >- - >[To unsubscribe, send mail to [EMAIL PROTECTED] with >"unsubscribe firewalls" in the body of the message.] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
