Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Can I Configure a NAT Pool on a PIX Firewall in a Range of Class B Addresses and Exclude a Range of Class C Addresses ?

I am running PIX Firewall Software version 5.0.3.

For example, can I do:

<pre>

nat pool 172.30.0.0 255.255.0.0

</pre>

but exclude:

<pre>

172.30.16.0 255.255.255.0

</pre>

1 REPLY
Anonymous
N/A

Re: Can I Configure a NAT Pool on a PIX Firewall in a Range of C

No, you cannot exclude a certain class C address range from the class B address range. But you can

use the appropriate network mask to achieve the same result. For processing efficiency, you should

reorder from least specific to more specific. Consult the following example:

nat (inside) 1 172.30.0.0 255.255.240.0

nat (inside) 1 172.30.17.0 255.255.255.0

nat (inside) 1 172.30.18.0 255.255.255.0

nat (inside) 1 172.30.19.0 255.255.255.0

nat (inside) 1 172.30.20.0 255.255.252.0

nat (inside) 1 172.30.24.0 255.255.248.0

nat (inside) 1 172.30.30.0 255.255.128.0

nat (inside) 1 172.30.128.0 255.255.128.0

309
Views
0
Helpful
1
Replies