Cisco Support Community

Fixing NAT entries

I have a Cisco 515e running 7.0(1) and one problem with the config of my NATs on my PIX is that the inside interface is not NATed. Rather just the subnet of my internal network. So when I try to add a NAT rule for a single host on that subnet I get: "This static port mapping rule is overlapping with a dynamic address translation rule for X.X.X.X/255.255.252.0 using global pool 1. Do you wish to proceed?" I suppose I could proceed without issue? In the end I would like to replace the subnet NAT using the inside interface, so that I don't receive this message every time I set up a static NAT. But I do not want to compromise breaking my security policies. Is it possible to insert the inside interface NAT and then remove the subnet NAT without breaking my Security Policies and causing too much disruption?

2 REPLIES

Re: Fixing NAT entries

You should experience only a brief disruption when you add nat inside and remove the static NAT configuration. You might want to be precise when you configure nat inside instead of nat anything to set up a more secure configuration. For example, a more secure configuration would be nat (inside) 1 10.1.1.0 255.255.255.0 instead of nat (inside) 1 0.0.0.0.

HTH

Sundar


Re: Fixing NAT entries

with changes i need (or want) to do during biz hours, i usually first type them up in my fav. text editor (textpad) and then copy/paste them into my fav. telnet/ssh client (securecrt).

in your case:

no nat (inside) 1 0 0

nat (inside) 1 10.1.1.0 255.255.255.0

clear xlate

...to build on sundar's example.
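An added example, not part of the thread and not a Cisco tool: a Python check that reports the two conditions discussed above, a catch-all nat (inside) 1 0 0 rule and static entries whose real address falls inside a dynamic nat range on the same interface (the overlap the warning describes). The sample configuration and its addresses are constructed, and audit and parse_network are hypothetical helper names.

```python
import ipaddress

# Constructed sample config; addresses are illustrative, not taken from the thread.
SAMPLE_CONFIG = """\
nat (inside) 1 0 0
nat (inside) 1 10.1.0.0 255.255.252.0
static (inside,outside) tcp interface 80 10.1.1.5 80 netmask 255.255.255.255
static (inside,outside) 192.0.2.10 172.16.5.10 netmask 255.255.255.255
"""

def parse_network(addr, mask):
    """Build a network from PIX address/mask tokens; "0" is shorthand for 0.0.0.0."""
    addr = "0.0.0.0" if addr == "0" else addr
    mask = "0" if mask in ("0", "0.0.0.0") else mask
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config):
    """Return (catch_all_nat_lines, [(static_line, nat_line), ...]) for overlaps."""
    dynamic, statics = [], []
    for line in config.splitlines():
        tok = line.split()
        try:
            if tok[:1] == ["nat"] and tok[3] != "access-list":
                # nat (real_ifc) nat_id real_ip mask
                dynamic.append((line, tok[1].strip("()"), parse_network(tok[3], tok[4])))
            elif tok[:1] == ["static"]:
                # Port form: static (real,mapped) tcp|udp mapped_ip mapped_port real_ip real_port
                # Host form: static (real,mapped) mapped_ip real_ip
                real = tok[5] if tok[2] in ("tcp", "udp") else tok[3]
                # Assumption for this example: a static with no netmask is treated as a host entry.
                mask = tok[tok.index("netmask") + 1] if "netmask" in tok else "255.255.255.255"
                ifc = tok[1].strip("()").split(",")[0]
                statics.append((line, ifc, parse_network(real, mask)))
        except (IndexError, ValueError):
            continue  # line is not in one of the forms handled here
    catch_all = [line for line, _, net in dynamic if net.prefixlen == 0]
    overlaps = [(s, d) for s, s_ifc, s_net in statics
                for d, d_ifc, d_net in dynamic
                if s_ifc == d_ifc and s_net.overlaps(d_net)]
    return catch_all, overlaps

if __name__ == "__main__":
    catch_all, overlaps = audit(SAMPLE_CONFIG)
    for line in catch_all:
        print("catch-all dynamic NAT:", line)
    for s, d in overlaps:
        print(f"overlap: [{s}] is inside [{d}]")
```

Running the same check on a candidate config typed up in a text editor, before pasting it into the firewall, shows which static entries will still overlap once the catch-all rule is replaced by the subnet rule.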
