pix firewall nat question

Unanswered Question
Feb 15th, 2008

Hi,

I'm learning to configure cisco pix firewallas and found following global NAT pool example in cisco page:

global (outside) 1 200.100.100.110-200.100.100.150 netmask 255.255.255.0

I'm wondering why cisco in examples netmask field is included besides the address range. (it is obvious when it is included beside single IP, but with address range it is something nonsensical )

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
shivlu jain Sun, 02/17/2008 - 04:48

Its not a nonsensical because with the netmask you can define the range

regards

shivlu

simaskvilius Sun, 02/17/2008 - 04:52

What range ?

Range is already difined in statement 200.100.100.110-200.100.100.150 (from 110 to 150)

bmcginn Sun, 02/17/2008 - 15:01

What if you DON'T want to NAT 200.100.100.115/22?

The NAT statement 200.100.100.110-200.100.100.150 netmask 255.255.255.0 will only NAT 200.100.100.110-150/24.

It won't NAT the same IP address with a different mask. Therefore it allows for greater control over the NAT.

Hope that helps.

Actions

This Discussion