09-17-2007 06:43 PM - edited 03-11-2019 04:12 AM
I want to use pat on multiple vlans from our catalyst 4503. The vlan networks are 10.10.1.0/24, 10.10.2.0/24, etc. Would the inside (nat) 1 just be 10.10.0.0/16 on the pix? But the inside pix int is 10.10.1.2, so not sure that the /16 mask would work. If not, any ideas? Thanks in advance and if anymore info is needed, let me know.
09-17-2007 08:28 PM
Hi,
If u want the nat the entire inside address :
nat(inside) 0 0
global(outside) 1 interface and add access lists on the inside interface to blcck unwanted traffic.
U could also use :
nat (inside )1 10.10.0.0 255.255.0.0
global( outside) 1 interface
But a better config would be :
nat (inside) 1 10.10.1.0 255.255.255.0
nat (inside) 1 10.10.2.0 255.255.255.0
global(outside) 1 interface
Plz make sure u have an inside route for the 10.10.2.0 network .
In case u want to use separte pat address then plz use :
nat (inside) 1 10.10.1.0 255.255.255.0
nat (inside) 2 10.10.2.0 255.255.255.0
global (outside) 1 202.1.1.1
global(outside) 2 202.1.1.2 and the route statement to the 10.10.2.0 network
Raj
09-18-2007 04:47 AM
This config:
But a better config would be :
nat (inside) 1 10.10.1.0 255.255.255.0
nat (inside) 1 10.10.2.0 255.255.255.0
How many of the "nat (inside) 1 netid mask" can I have? I plan on having about 5 or 6 vlans. Do I just continue until 10.10.6.0? Thanks Raj
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: