Pix 501 nat pat multiple private networks

Unanswered Question
Sep 17th, 2007

I want to use PAT on multiple VLANs from our Catalyst 4503. The VLAN networks are 10.10.1.0/24, 10.10.2.0/24, etc. Would the inside (nat) 1 just be 10.10.0.0/16 on the PIX? But the inside PIX int is 10.10.1.2, so not sure that the /16 mask would work. If not, any ideas? Thanks in advance, and if any more info is needed, let me know.

rajbhatt Mon, 09/17/2007 - 20:28

Hi,

If you want to NAT the entire inside address:

nat (inside) 1 0 0

global (outside) 1 interface

and add access lists on the inside interface to block unwanted traffic.

You could also use:

nat (inside) 1 10.10.0.0 255.255.0.0

global (outside) 1 interface

But a better config would be:

nat (inside) 1 10.10.1.0 255.255.255.0

nat (inside) 1 10.10.2.0 255.255.255.0

global (outside) 1 interface

Please make sure you have an inside route for the 10.10.2.0 network.

In case you want to use separate PAT addresses, then please use:

nat (inside) 1 10.10.1.0 255.255.255.0

nat (inside) 2 10.10.2.0 255.255.255.0

global (outside) 1 202.1.1.1

global (outside) 2 202.1.1.2

and the route statement to the 10.10.2.0 network.

Raj

rhopkins_nci Tue, 09/18/2007 - 04:47

This config:

But a better config would be:

nat (inside) 1 10.10.1.0 255.255.255.0

nat (inside) 1 10.10.2.0 255.255.255.0

How many of the "nat (inside) 1 netid mask" can I have? I plan on having about 5 or 6 VLANs. Do I just continue until 10.10.6.0? Thanks, Raj.
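A small checker for the per-VLAN configs discussed in this thread, as an added example that is not part of the original posts: it parses PIX 6.x style nat, global and route lines and reports, for each VLAN subnet, whether a nat statement covers it, whether that nat ID has a matching global, and whether the subnet needs a route inside because it is not on the PIX's own segment. The /24 mask on the inside interface, the 10.10.1.1 next hop and all function names are assumptions.

```python
import ipaddress

# Constructed sample in PIX 6.x syntax. The /24 inside mask and the 10.10.1.1
# next hop (the Catalyst's address on the PIX segment) are assumptions.
SAMPLE_CONFIG = """\
ip address inside 10.10.1.2 255.255.255.0
nat (inside) 1 10.10.1.0 255.255.255.0
nat (inside) 1 10.10.2.0 255.255.255.0
nat (inside) 2 10.10.3.0 255.255.255.0
global (outside) 1 interface
route inside 10.10.2.0 255.255.255.0 10.10.1.1 1
"""

def net(addr, mask):
    """Build a network from address and mask; a bare 0 is shorthand for 0.0.0.0."""
    addr, mask = (("0.0.0.0" if x == "0" else x) for x in (addr, mask))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(config):
    """Collect the inside network, nat rules, global IDs and inside routes."""
    s = {"inside": None, "nat": [], "globals": set(), "routes": []}
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["ip", "address", "inside"] and len(t) >= 5:
            s["inside"] = net(t[3], t[4])
        elif t[:2] == ["nat", "(inside)"] and len(t) >= 5 and t[2] != "0":
            s["nat"].append((t[2], net(t[3], t[4])))  # nat 0 = no translation
        elif t[:2] == ["global", "(outside)"] and len(t) >= 3:
            s["globals"].add(t[2])
        elif t[:2] == ["route", "inside"] and len(t) >= 5:
            s["routes"].append(net(t[2], t[3]))
    return s

def check_vlans(config, vlans):
    """Return {subnet: [problems]}; an empty list means PAT can work for it."""
    s = parse(config)
    report = {}
    for v in map(ipaddress.ip_network, vlans):
        problems = []
        ids = [i for i, n in s["nat"] if v.subnet_of(n)]
        if not ids:
            problems.append("no nat statement covers this subnet")
        elif not any(i in s["globals"] for i in ids):
            problems.append("nat id has no matching global")
        direct = s["inside"] is not None and v.subnet_of(s["inside"])
        if not direct and not any(v.subnet_of(r) for r in s["routes"]):
            problems.append("no route inside for this subnet")
        report[str(v)] = problems
    return report
```

Running `check_vlans` with a single `nat (inside) 1 10.10.0.0 255.255.0.0` line shows that the nat mask is independent of the inside interface mask: the /16 covers every VLAN for translation, but each subnet beyond 10.10.1.0/24 is still flagged until it has a route inside.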
