PAT using a network number?

huangedmc · ‎02-12-2007

What does it mean when you have a network number as the PAT address?

Will it work?

rleivaoc · ‎02-12-2007

What are you trying to do on the firewall? Can you give more details?

huangedmc · ‎02-13-2007

I'm not trying to change anything, but just want to understand why our NAT/PAT is set up this way by my predecessors:

global (outside) 1 128.230.236.1 - 128.230.236.254

global (outside) 1 128.230.236.0

I understand the first line is for NAT, and the second is for PAT. What I don't understand is why you can use a network address as the PAT IP.

Can anyone please explain? thanks.

gagansethi · ‎02-13-2007

Hi,

Using network address is not possible with Global. You can only use a single ip address for PAT or a range or IP addresses for NAT purpose.

Please refer to the link below for more information on applying NAT:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/firewall/cfgnat.htm#wp1067863

Thanks

gagan

huangedmc · ‎02-14-2007

"Using network address is not possible with Global."

I know.

The entry is there already, and I'm asking how in hell could someone have done it on the Pix w/o getting rejected.

huangedmc · ‎02-17-2007

Turns out that PAT IP isn't a network address after all...after double checking the netmask, it's a valid IP address in the middle of a really large subnet.

Nevermind.