PIX Source NAT

by Ryan Greenier

Anyone know of a way to take a source block and NAT it to a single IP coming into the PIX?

Example (arbitrary IPs):
Connection: 207.75.75.0/24 to 10.75.75.75
NAT: 10.20.20.20 to 10.20.20.21

I can NAT the source and destination on a 'per IP' level:
------------------------------
access-list NATtest1 extended permit ip host 207.75.75.35 host 10.75.75.75
access-list test1NAT extended permit ip host 10.20.20.21 host 10.20.20.20
static (outside,inside) 10.20.20.20 access-list NATtest1
static (inside,outside) 10.75.75.75 access-list test1NAT
----------------------------------------

I won't get into the reasoning of this (beyond my control)... but just looking to see if there is a way to NAT the source of a block that is external to the PIX. I tried using a nat (outside) 30 207.75.75.0 255.255.255.0 and a global (inside) 30 10.20.20.20, but it didn't like the nat statement (shot back a warning) and failed to NAT the source properly.

I know this probably shouldn't be done/needed on the PIX, but due to vendor issues and political vision, this would be the easiest in the short term if possible to accomplish.

Thanks for any input
- Ryan