Configuring NAT from a Cisco PIX to PFsense



  • We are converting from a Cisco PIX 526 to PFsense. I need help on how to do the NAT configuring that we have on the PIX, to be the same on PFsense. For example, on the PIX we define our NAT Inside 0 IP address and also Global outside IP address and also static (inside, outside). How do you do this on PFsense?



  • @cmal00:

    We are converting from a Cisco PIX 526 to PFsense. I need help on how to do the NAT configuring that we have on the PIX, to be the same on PFsense.
    For example, on the PIX we define our NAT Inside 0 IP address and also Global outside IP address

    Pretty straightforward actually.

    To perform the global NAT you are basically already set up with the default configuration unless you have multiple subnets on the LAN side - then you have to define the subnets connected to the LAN side so they can pass through NAT as well (same in the Cisco as well).

    You would define the subnets allowed to go through the firewall pretty much the same way as the Cisco does it (just different terminologies used :) ). Personally - I use the Aliases section [ Firewall -> Aliases ] in the Firewall setup section to create an alias for the network, then use the alias name in the firewall rules definitions (makes it easier to remember what is what when looking at the rulesets :) ), then set up a LAN rule in the Rules section [ Firewall -> Rules -> LAN ] to pass the specific network traffic. Don't forget to specify the 'type' of traffic you want to allow through - you have more granularity than the Cisco PIX (I too have both pfsense and pix firewalls running at work).

    and also static (inside, outside). How do you do this on PFsense?

    Take a look at the 1:1 NAT settings in the pfsense [ Firewall -> NAT -> 1:1 ] and it should make sense in that it is mostly configured the same as the Cisco 1:1 NAT if you are using the Cisco GUI interface (personally I use the cli interface but some don't).

    I hope this makes sense!

    gm…



  • We have 42 subnets. Here is an example of some.

    nat (inside) 12 10.12.0.0 255.255.0.0 0 0
    nat (inside) 13 10.13.0.0 255.255.0.0 0 0
    nat (inside) 14 10.14.0.0 255.255.0.0 0 0

    global (outside) 12 external ip netmask 255.255.255.224
    global (outside) 13 external ip netmask 255.255.255.224
    global (outside) 14 external ip netmask 255.255.255.224
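
An added example, not part of the thread: with 42 subnets it helps to pair each `nat (inside) <id>` line with the `global (outside) <id>` line that shares its NAT ID, so the source-subnet-to-external-address mappings can be reviewed before they are recreated on pfSense. The function name and the 203.0.113.x addresses (standing in for the elided "external ip" values) are assumptions.

```python
import ipaddress
import re

# Constructed sample in the thread's format; 203.0.113.x are documentation
# addresses standing in for the elided "external ip" values.
SAMPLE = """\
nat (inside) 12 10.12.0.0 255.255.0.0 0 0
nat (inside) 13 10.13.0.0 255.255.0.0 0 0
nat (inside) 14 10.14.0.0 255.255.0.0 0 0
global (outside) 12 203.0.113.12 netmask 255.255.255.224
global (outside) 13 203.0.113.13 netmask 255.255.255.224
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) ([\d.]+) ([\d.]+)")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)")


def pair_nat_global(config):
    """Pair PIX nat/global lines by NAT ID; return (mappings, unmatched IDs)."""
    nats, globals_ = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := NAT_RE.match(line):
            iface, nat_id, net, mask = m.groups()
            if nat_id == "0":  # NAT ID 0 means "do not translate" on the PIX
                continue
            subnet = ipaddress.ip_network(f"{net}/{mask}", strict=False)
            nats.setdefault(nat_id, []).append((iface, subnet))
        elif m := GLOBAL_RE.match(line):
            iface, nat_id, addr = m.groups()
            globals_.setdefault(nat_id, []).append((iface, addr))
    mappings = []
    for nat_id in sorted(nats.keys() & globals_.keys(), key=int):
        for src_if, subnet in nats[nat_id]:
            for dst_if, addr in globals_[nat_id]:
                mappings.append({"id": int(nat_id), "from": src_if,
                                 "source": str(subnet), "to": dst_if,
                                 "translate_to": addr})
    # IDs with a nat but no global (or the reverse) would not translate as intended
    unmatched = sorted(nats.keys() ^ globals_.keys(), key=int)
    return mappings, unmatched


if __name__ == "__main__":
    rows, orphans = pair_nat_global(SAMPLE)
    for r in rows:
        print(f"{r['from']} {r['source']} -> {r['to']} {r['translate_to']}")
    print("NAT IDs without a pair:", orphans)
```

The unmatched list is the part worth checking first: a subnet whose NAT ID has no `global` line is one that would be missed when the rules are rebuilt by hand.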

