Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

PIX 6.3 NAT/PAT Question

I currently have these statement in my config:

global (outside) 1 192.168.10.5   
global (outside) 61 192.168.10.67   
nat (inside) 1 10.156.16.0 255.255.255.0
nat (inside) 61 10.156.28.0 255.255.255.224

This works fine, but I would like to have both nat statements translate to 192.168.10.5. Are the statements below the correct way to accomplish this?:

global (outside) 1 192.168.10.5   
global (outside) 61 192.168.10.5   
nat (inside) 1 10.156.16.0 255.255.255.0
nat (inside) 61 10.156.28.0 255.255.255.224

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: PIX 6.3 NAT/PAT Question

Both globals cannot be the same. You will get this error message

"global for this range already exists"

All you need is the second "nat" line.That is all.

You have the following:

global (outside) 1 192.168.10.5   
global (outside) 61 192.168.10.5    ------------->remove
nat (inside) 1 10.156.16.0 255.255.255.0
nat (inside) 61 10.156.28.0 255.255.255.224 ------->change the ID from 61 to 1

You need the following:

global (outside) 1 192.168.10.5     
nat (inside) 1 10.156.16.0 255.255.255.0
nat (inside) 1 10.156.28.0 255.255.255.224

3 REPLIES
Cisco Employee

Re: PIX 6.3 NAT/PAT Question

That is corrent.

Make sure 192.168.10.5 is not the interface ip address (it is probably not since it is working for the other global) and you will be ok.

I hope it helps.

PK

Cisco Employee

Re: PIX 6.3 NAT/PAT Question

Both globals cannot be the same. You will get this error message

"global for this range already exists"

All you need is the second "nat" line.That is all.

You have the following:

global (outside) 1 192.168.10.5   
global (outside) 61 192.168.10.5    ------------->remove
nat (inside) 1 10.156.16.0 255.255.255.0
nat (inside) 61 10.156.28.0 255.255.255.224 ------->change the ID from 61 to 1

You need the following:

global (outside) 1 192.168.10.5     
nat (inside) 1 10.156.16.0 255.255.255.0
nat (inside) 1 10.156.28.0 255.255.255.224

New Member

Re: PIX 6.3 NAT/PAT Question

That worked.  Thank you.

869
Views
0
Helpful
3
Replies
CreatePlease to create content