
Pix 501 nat pat multiple private networks

rhopkins_nci
Level 1

I want to use PAT on multiple VLANs from our Catalyst 4503. The VLAN networks are 10.10.1.0/24, 10.10.2.0/24, etc. Would the inside (nat) 1 just be 10.10.0.0/16 on the PIX? But the inside PIX int is 10.10.1.2, so not sure that the /16 mask would work. If not, any ideas? Thanks in advance, and if any more info is needed, let me know.

2 Replies

rajbhatt
Level 3

Hi,

If you want to NAT the entire inside address:

nat (inside) 1 0 0

global (outside) 1 interface

and add access lists on the inside interface to block unwanted traffic.

You could also use:

nat (inside) 1 10.10.0.0 255.255.0.0

global (outside) 1 interface

But a better config would be:

nat (inside) 1 10.10.1.0 255.255.255.0

nat (inside) 1 10.10.2.0 255.255.255.0

global (outside) 1 interface

Please make sure you have an inside route for the 10.10.2.0 network.

In case you want to use a separate PAT address, then please use:

nat (inside) 1 10.10.1.0 255.255.255.0

nat (inside) 2 10.10.2.0 255.255.255.0

global (outside) 1 202.1.1.1

global (outside) 2 202.1.1.2

and the route statement to the 10.10.2.0 network.

Raj

This config:

But a better config would be:

nat (inside) 1 10.10.1.0 255.255.255.0

nat (inside) 1 10.10.2.0 255.255.255.0

How many of the "nat (inside) 1 netid mask" can I have? I plan on having about 5 or 6 VLANs. Do I just continue until 10.10.6.0? Thanks, Raj
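
Added example (not part of the thread and not Cisco code): a small Python check that reads PIX-style nat, global, route and ip address lines and reports, for each VLAN subnet, whether a nat statement covers it, whether that nat ID has a matching global, and whether the PIX has a route back to it. The sample config is constructed, and the 10.10.1.1 next hop for the Catalyst is an assumption.

```python
import ipaddress
import re

# Constructed sample config in PIX 6.x syntax. The 10.10.1.1 next hop (the
# Catalyst's address on the inside segment) is an assumption, not from the thread.
SAMPLE_CONFIG = """\
ip address inside 10.10.1.2 255.255.255.0
nat (inside) 1 10.10.1.0 255.255.255.0
nat (inside) 1 10.10.2.0 255.255.255.0
nat (inside) 2 10.10.3.0 255.255.255.0
global (outside) 1 interface
route inside 10.10.2.0 255.255.255.0 10.10.1.1 1
"""

def net(addr, mask):
    """Build a network from an address and dotted mask, ignoring host bits."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config, vlans):
    """Return one finding per problem that would stop a VLAN subnet being PATed."""
    nats, global_ids, routes, connected = [], set(), [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"nat\s*\(\s*inside\s*\)\s*(\d+)\s+(\S+)\s+(\S+)", line):
            nats.append((int(m[1]), net(m[2], m[3])))
        elif m := re.match(r"global\s*\(\s*outside\s*\)\s*(\d+)\s+\S+", line):
            global_ids.add(int(m[1]))
        elif m := re.match(r"route\s+inside\s+(\S+)\s+(\S+)\s+\S+", line):
            routes.append(net(m[1], m[2]))
        elif m := re.match(r"ip address inside\s+(\S+)\s+(\S+)", line):
            connected = net(m[1], m[2])
    findings = []
    for v in map(ipaddress.ip_network, vlans):
        # nat id 0 means "do not translate", so it does not count as PAT here.
        ids = [i for i, n in nats if i != 0 and v.subnet_of(n)]
        if not ids:
            findings.append(f"{v}: no nat (inside) statement covers it")
        elif not any(i in global_ids for i in ids):
            findings.append(f"{v}: nat id {ids[0]} has no matching global (outside)")
        # Return traffic needs a path: directly connected, or a route inside.
        direct = connected is not None and v.subnet_of(connected)
        if not direct and not any(v.subnet_of(r) for r in routes):
            findings.append(f"{v}: no route inside back to it")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]):
        print(finding)
```

With a single 10.10.0.0 255.255.0.0 nat statement the same check passes the nat and global tests for every VLAN, and flags only the subnets that lack a route inside.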
