Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Configuring NAT from a Cisco PIX to PFsense

    Scheduled Pinned Locked Moved NAT
    3 Posts 2 Posters 2.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cmal00
      last edited by

      We are converting from a Cisco PIX 526 to PFsense. I need help on how to do the NAT configuring that we have on the PIX, to be same on PFsense. For example, on the PIX we define our NAT Inside 0 IP address and also Globe oustside ip address and also static (inside, outside). How do you do this on PFsense?

      1 Reply Last reply Reply Quote 0
      • G
        gmckinney
        last edited by

        @cmal00:

        We are converting from a Cisco PIX 526 to PFsense. I need help on how to do the NAT configuring that we have on the PIX, to be same on PFsense.
        For example, on the PIX we define our NAT Inside 0 IP address and also Globe oustside ip address

        Pretty straight forward actually.

        To perform the global NAT you are basically already setup with the default configuration unless you have multple subnets on the LAN side -  then you have to define the subnets connected to the LAN side so they can pass through NAT as well. (same in the Cisco as well).

        You would define the subnets allowed to go through the firewall pretty much the same way as the Cisco does it (just different terminalogies used :) ).  Personally - I use the Aliases section [ Firewall -> Aliases ] in the Firewall setup section to create an alias for the network then use the alias name in the firewall rules  definitions (makes it easier to remember what is what when looking at the rulesets :) ) then setup a LAN rule in the Rules section [ Firewall -> Rules -> LAN ] to pass the specific network traffic.  Don't forget to specify the 'type' of traffic you want to allow through - you have more granularity than the Cisco PIX ( I too have both pfsense and pix firewalls running at work).

        and also static (inside, outside). How do you do this on PFsense?

        Take a look at the 1:1 NAT settings in the pfsense [ Firewall -> NAT -> 1:1 ] and it should make sense in that it is mostly configured the same as the Cisco 1:1 NAT if you are using the Cisco GUI interface (personally I use the cli interface but some don't).

        I hope this makes sense!

        gm…

        1 Reply Last reply Reply Quote 0
        • C
          cmal00
          last edited by

          We have 42 subnests. Here is a example of some.

          nat (inside) 12 10.12.0.0 255.255.0.0 0 0
          nat (inside) 13 10.13.0.0 255.255.0.0 0 0
          nat (inside) 14 10.14.0.0 255.255.0.0 0 0

          global (outside) 12 external ip netmask 255.255.255.224
          global (outside) 13 external ip netmask 255.255.255.224
          global (outside) 14 external ip netmask 255.255.255.224

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.