PIx nat/global config

Unanswered Question
Apr 23rd, 2007
User Badges:

Does the below config allow (just from a NAT perspective)hosts on the subnet to access servers on the subnet?

It this NATing the FTP interface to the address?

if so, would this over rule any access-list that was applied inbound to the FTP interface preventing anything from the subnet?

global (ftp) 1

nat (inside) 1 0 0

ip address inside

ip address ftp

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Frederick Reimer Mon, 04/23/2007 - 08:53
User Badges:

No, your global command should have an address in the subnet. (It could have another address, if the next-hop router had a route to the address pointing towards the "ftp" interface address, but we won't confuse things here). You could use the interface address itself for PAT.

You can't NAT an interface address.

Access lists always take precedence.

wilson_1234_2 Tue, 04/24/2007 - 18:06
User Badges:

This are the actual configuration components below. The actual Interface is, but the global is

If the interface already has an ip address,

What is the

ip address inside

ip address ftp

global (outside) 1 interface

global (inside) 3

global (ftp) 1

nat (outside) 0 access-list nonatoutside outside

nat (outside) 3 access-list pefcu outside 0 0

nat (inside) 0 access-list NO_NAT

nat (inside) 1 0 0


This Discussion