×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

PIX 6.3 NAT/PAT Question

Answered Question
Nov 25th, 2009
User Badges:

I currently have these statement in my config:


global (outside) 1 192.168.10.5   
global (outside) 61 192.168.10.67   
nat (inside) 1 10.156.16.0 255.255.255.0
nat (inside) 61 10.156.28.0 255.255.255.224


This works fine, but I would like to have both nat statements translate to 192.168.10.5. Are the statements below the correct way to accomplish this?:



global (outside) 1 192.168.10.5   
global (outside) 61 192.168.10.5   
nat (inside) 1 10.156.16.0 255.255.255.0
nat (inside) 61 10.156.28.0 255.255.255.224


Thanks.

Correct Answer by Kureli Sankar about 7 years 8 months ago

Both globals cannot be the same. You will get this error message


"global for this range already exists"


All you need is the second "nat" line.That is all.


You have the following:


global (outside) 1 192.168.10.5   
global (outside) 61 192.168.10.5    ------------->remove
nat (inside) 1 10.156.16.0 255.255.255.0
nat (inside) 61 10.156.28.0 255.255.255.224 ------->change the ID from 61 to 1


You need the following:


global (outside) 1 192.168.10.5     
nat (inside) 1 10.156.16.0 255.255.255.0
nat (inside) 1 10.156.28.0 255.255.255.224

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Panos Kampanakis Wed, 11/25/2009 - 15:38
User Badges:
  • Cisco Employee,

That is corrent.


Make sure 192.168.10.5 is not the interface ip address (it is probably not since it is working for the other global) and you will be ok.


I hope it helps.


PK

Correct Answer
Kureli Sankar Wed, 11/25/2009 - 18:34
User Badges:
  • Cisco Employee,

Both globals cannot be the same. You will get this error message


"global for this range already exists"


All you need is the second "nat" line.That is all.


You have the following:


global (outside) 1 192.168.10.5   
global (outside) 61 192.168.10.5    ------------->remove
nat (inside) 1 10.156.16.0 255.255.255.0
nat (inside) 61 10.156.28.0 255.255.255.224 ------->change the ID from 61 to 1


You need the following:


global (outside) 1 192.168.10.5     
nat (inside) 1 10.156.16.0 255.255.255.0
nat (inside) 1 10.156.28.0 255.255.255.224

Actions

This Discussion