Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

NAT help with PIX 7.0(1)

Can you NAT an internal IP to the external interface IP? I'm used to doing this on sidewinders but it's giving me an overlap error

Thanks

8 REPLIES
Silver

Re: NAT help with PIX 7.0(1)

Yes, you can translate whole of your internal network to the external interface IP. What is the error you are recieving?

New Member

Re: NAT help with PIX 7.0(1)

Error: 204.34.211.97-204.34.211.97 overlaps with outside interface address

New Member

Re: NAT help with PIX 7.0(1)

if you want to hide the internal network to

the External interface ip address of the

firewall, Linux called IP masquerading,

Checkpoint called it "hide" NAT and cisco

refers to it a Port Address Translation (PAT):

nat (inside) 1 0 0

global (outside) 1 interface

New Member

Re: NAT help with PIX 7.0(1)

I just did

nat (inside) 1 192.168.1.10 255.255.255.255

global (outside) 1 interface

the ip is still coming out with 192.168.1.10(example only) do the static(inside,outside) entries override the global?

Silver

Re: NAT help with PIX 7.0(1)

If you have a one-to-one static for this IP address, it will take precedence over normal nat/global configuration. Here is the order of NAT operations-

1) nat 0 access-list (nat-exempt)

2) match against existing xlates

3) static

a) static nat with and without access-list (first match)

b) static pat with and without access-list (first match)

4) nat

a) nat access-list (first match)

Note: nat 0 access-list is not part of this command.

b) nat

(best match)

Note: When choosing a global address from multiple pools with

the same nat id, the following order is tried

i) if the id is 0, create an identity xlate.

ii) use the global pool for dynamic NAT

iii) use the global pool for dynamic PAT

5) Error

New Member

Re: NAT help with PIX 7.0(1)

Hello!

Where can I find in the Documentation this important notes about NAT order of operation?

Thanks,

Lorenz

Silver

Re: NAT help with PIX 7.0(1)

You can find this order over here-

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/mr.htm#wp1032129

Though above link is based on 6.x code, the order of nat operations is still the same in 7.x code. I hope this answers all your concers :-)

New Member

Re: NAT help with PIX 7.0(1)

This is great! Thank you Sir!

211
Views
10
Helpful
8
Replies
CreatePlease to create content