Pix 501 nat pat multiple private networks

rhopkins_nci · ‎09-17-2007

I want to use pat on multiple vlans from our catalyst 4503. The vlan networks are 10.10.1.0/24, 10.10.2.0/24, etc. Would the inside (nat) 1 just be 10.10.0.0/16 on the pix? But the inside pix int is 10.10.1.2, so not sure that the /16 mask would work. If not, any ideas? Thanks in advance and if anymore info is needed, let me know.

rajbhatt · ‎09-17-2007

Hi,

If u want the nat the entire inside address :

nat(inside) 0 0

global(outside) 1 interface and add access lists on the inside interface to blcck unwanted traffic.

U could also use :

nat (inside )1 10.10.0.0 255.255.0.0

global( outside) 1 interface

But a better config would be :

nat (inside) 1 10.10.1.0 255.255.255.0

nat (inside) 1 10.10.2.0 255.255.255.0

global(outside) 1 interface

Plz make sure u have an inside route for the 10.10.2.0 network .

In case u want to use separte pat address then plz use :

nat (inside) 1 10.10.1.0 255.255.255.0

nat (inside) 2 10.10.2.0 255.255.255.0

global (outside) 1 202.1.1.1

global(outside) 2 202.1.1.2 and the route statement to the 10.10.2.0 network

Raj

rhopkins_nci · ‎09-18-2007

This config:

But a better config would be :

nat (inside) 1 10.10.1.0 255.255.255.0

nat (inside) 1 10.10.2.0 255.255.255.0

How many of the "nat (inside) 1 netid mask" can I have? I plan on having about 5 or 6 vlans. Do I just continue until 10.10.6.0? Thanks Raj