Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Pix 501 nat pat multiple private networks

I want to use pat on multiple vlans from our catalyst 4503. The vlan networks are 10.10.1.0/24, 10.10.2.0/24, etc. Would the inside (nat) 1 just be 10.10.0.0/16 on the pix? But the inside pix int is 10.10.1.2, so not sure that the /16 mask would work. If not, any ideas? Thanks in advance and if anymore info is needed, let me know.

2 REPLIES
New Member

Re: Pix 501 nat pat multiple private networks

Hi,

If u want the nat the entire inside address :

nat(inside) 0 0

global(outside) 1 interface and add access lists on the inside interface to blcck unwanted traffic.

U could also use :

nat (inside )1 10.10.0.0 255.255.0.0

global( outside) 1 interface

But a better config would be :

nat (inside) 1 10.10.1.0 255.255.255.0

nat (inside) 1 10.10.2.0 255.255.255.0

global(outside) 1 interface

Plz make sure u have an inside route for the 10.10.2.0 network .

In case u want to use separte pat address then plz use :

nat (inside) 1 10.10.1.0 255.255.255.0

nat (inside) 2 10.10.2.0 255.255.255.0

global (outside) 1 202.1.1.1

global(outside) 2 202.1.1.2 and the route statement to the 10.10.2.0 network

Raj

New Member

Re: Pix 501 nat pat multiple private networks

This config:

But a better config would be :

nat (inside) 1 10.10.1.0 255.255.255.0

nat (inside) 1 10.10.2.0 255.255.255.0

How many of the "nat (inside) 1 netid mask" can I have? I plan on having about 5 or 6 vlans. Do I just continue until 10.10.6.0? Thanks Raj

291
Views
0
Helpful
2
Replies