Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Help with "Global" command

Hi

I'm doing the following in my new DMZ:

nat (dmz2) 0 x.x.x.64 255.255.255.240 0 0

My question is do I need a "global" statement with the above nat?

My Take on the above is that I don't need one, however there is another dmz configured on the pix and that has disabled nat aswell, but has a "global" command attached to it. So I'm rather confused.

Any help would be appreciated

Thanks

Dan

1 REPLY

Re: Help with "Global" command

Hi,

The nat command identifies the local addresses for translation using dynamic NAT or port address translation (PAT). The global command identifies the global addresses used for translation on a given destination interface. Each nat statement matches a global statement by comparing the NAT ID on each statement.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727ab.html#wp1032129

In your case, the 'nat (dmz2) 0 x.x.x.64 255.255.255.240 ' doesn't need global command.

No nat translation normally applicable if both segment has similar network address, e.g your dmz2 running on public IP. Therefore, no nat is not required to go to the internet.

Rgds,

AK

97
Views
0
Helpful
1
Replies
CreatePlease to create content