Cisco PIX 500 Series Configuration Manual page 337

Chapter 17 Configuring NAT
Figure 17-18
10.1.2.28
See the following commands for this example:
hostname(config)# nat (inside) 1 10.1.2.0 255.255.255.0
hostname(config)# global (outside) 1 209.165.201.3-209.165.201.4
hostname(config)# global (outside) 1 209.165.201.5
For outside NAT (from outside to inside), you need to use the outside keyword in the nat command. If
you also want to translate the same traffic when it accesses an outside interface (for example, traffic on
a DMZ is translated when accessing the Inside and the Outside interfaces), then you must configure a
separate nat command without the outside option. In this case, you can identify the same addresses in
both statements and use the same NAT ID (see
to Inside interface), the inside host uses a static command to allow outside access, so both the source
and destination addresses are translated.
OL-12172-03
NAT and PAT Together
Translation
10.1.2.27 209.165.201.3
Translation
209.165.201.4
Web Server:
www.cisco.com
Outside
Global 1: 209.165.201.3-
209.165.201.4
Global 1: 209.165.201.5
10.1.2.29
NAT 1: 10.1.2.0/24
Inside
10.1.2.27 10.1.2.29
10.1.2.28
Figure 17-19). Note that for outside NAT (DMZ interface
Cisco Security Appliance Command Line Configuration Guide
Using Dynamic NAT and PAT
Translation
209.165.201.5:6096
17-21