02-15-2007 10:51 AM - edited 03-11-2019 02:34 AM
Can you NAT an internal IP to the external interface IP? I'm used to doing this on sidewinders but it's giving me an overlap error
Thanks
02-15-2007 10:54 AM
Yes, you can translate whole of your internal network to the external interface IP. What is the error you are recieving?
02-15-2007 12:08 PM
Error: 204.34.211.97-204.34.211.97 overlaps with outside interface address
02-15-2007 12:29 PM
if you want to hide the internal network to
the External interface ip address of the
firewall, Linux called IP masquerading,
Checkpoint called it "hide" NAT and cisco
refers to it a Port Address Translation (PAT):
nat (inside) 1 0 0
global (outside) 1 interface
02-15-2007 12:40 PM
I just did
nat (inside) 1 192.168.1.10 255.255.255.255
global (outside) 1 interface
the ip is still coming out with 192.168.1.10(example only) do the static(inside,outside) entries override the global?
02-15-2007 01:34 PM
If you have a one-to-one static for this IP address, it will take precedence over normal nat/global configuration. Here is the order of NAT operations-
1) nat 0 access-list (nat-exempt)
2) match against existing xlates
3) static
a) static nat with and without access-list (first match)
b) static pat with and without access-list (first match)
4) nat
a) nat
Note: nat 0 access-list is not part of this command.
b) nat
Note: When choosing a global address from multiple pools with
the same nat id, the following order is tried
i) if the id is 0, create an identity xlate.
ii) use the global pool for dynamic NAT
iii) use the global pool for dynamic PAT
5) Error
02-15-2007 04:39 PM
Hello!
Where can I find in the Documentation this important notes about NAT order of operation?
Thanks,
Lorenz
02-15-2007 04:46 PM
You can find this order over here-
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/mr.htm#wp1032129
Though above link is based on 6.x code, the order of nat operations is still the same in 7.x code. I hope this answers all your concers :-)
02-15-2007 04:57 PM
This is great! Thank you Sir!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide