Cisco Support Community

New Member

NAT/PAT problem

My PIX has 3 interfaces: inside, outside and dmz. I have configured multi-PAT between inside and outside via the same NAT ID. But now I want to translate all my internal network addresses to the dmz with ONE PAT address, with the following commands:

(conf)#nat (inside) nat_id 0 0

(conf)#global (dmz) nat_id xx.xx.xx.xx

The result is that if an internal address has been added to the nat (inside -> outside), it can't reach the dmz. But the static and other internal addresses work. Why?

Does nat conflict with a different NAT ID translation?

7 REPLIES
Cisco Employee

Re: NAT/PAT problem

Hi,

This should not be the case, and the following should work:

nat (inside) 25 0 0

global (outside) 25 10.10.10.10

global (dmz) 25 20.20.20.20

Have you tried clearing the translation (clear xlat)?

Thanks

Nadeem

New Member

Re: NAT/PAT problem

Thanks for answering. If the configuration is like the following:

nat (inside) 25 0 0

nat (inside) 26 10.10.1.0 255.255.255.0

nat (inside) 27 10.10.2.0 255.255.255.0

global (outside) 25 10.10.10.10

global (outside) 26 10.10.10.11

global (outside) 27 10.10.10.12

global (dmz) 25 20.20.20.20

I would like to use only one PAT address in the dmz to save addresses. But the addresses in nets 10.10.1.0/24 and 10.10.2.0/24 can't reach the dmz.

Can you give me some advice for resolving the problem?

Thanks.

Cisco Employee

Re: NAT/PAT problem

Hi,

Try to add the following two as well:

global (dmz) 26 20.20.20.20

global (dmz) 27 20.20.20.20

I hope this should fix the issue.

Thanks

Nadeem

New Member

Re: NAT/PAT problem

Hi, I tried to add them as you advised, but the system reports: global for this range already exists. So I can't use one global address for multiple translations. I use PIX OS 6.3.3.

New Member

Re: NAT/PAT problem

If you only have one NAT pool defined then this could be a problem.

Cisco Employee

Re: NAT/PAT problem

Hi,

You are right, it is not letting you add these globals:

global (dmz) 26 20.20.20.20

global (dmz) 27 20.20.20.20

Then try to add these:

global (dmz) 26 20.20.20.21

global (dmz) 27 20.20.20.22

I hope this will help

Thanks

Nadeem

New Member

Re: NAT/PAT problem

Hi, thanks for your advice. In the end, I had to do just what you said: allocate many REAL IP addresses for inside users visiting the dmz.

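The symptom in this thread can be reproduced offline with a small config checker. This is an added example, not part of the original posts or any Cisco tool. It assumes the PIX 6.x model in which the most specific nat statement for a source address selects the nat_id, and a global with that same nat_id must exist on the egress interface; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the nat/global statements posted in the thread.
SAMPLE_CONFIG = """\
nat (inside) 25 0 0
nat (inside) 26 10.10.1.0 255.255.255.0
nat (inside) 27 10.10.2.0 255.255.255.0
global (outside) 25 10.10.10.10
global (outside) 26 10.10.10.11
global (outside) 27 10.10.10.12
global (dmz) 25 20.20.20.20
"""

LINE = re.compile(r"^(nat|global)\s*\((\w+)\)\s+(\d+)\s+(\S+)(?:\s+(\S+))?")

def parse(config):
    """Return (nat_rules, globals_by_interface) from nat/global lines."""
    nats, globals_ = [], {}
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kind, ifc, nat_id, addr, mask = m.groups()
        if kind == "nat" and mask:  # nat lines without a mask are skipped
            # "0 0" is shorthand for 0.0.0.0 0.0.0.0
            addr = "0.0.0.0" if addr == "0" else addr
            mask = "0.0.0.0" if mask == "0" else mask
            nats.append((ifc, int(nat_id), ipaddress.ip_network(f"{addr}/{mask}")))
        elif kind == "global":
            globals_.setdefault(ifc, {})[int(nat_id)] = addr
    return nats, globals_

def translate(config, src_ifc, src_ip, dst_ifc):
    """Mapped address for src_ip leaving via dst_ifc, or None if no global matches."""
    nats, globals_ = parse(config)
    ip = ipaddress.ip_address(src_ip)
    hits = [(net.prefixlen, nid) for ifc, nid, net in nats
            if ifc == src_ifc and ip in net]
    if not hits:
        return None
    _, nat_id = max(hits)  # assumed model: most specific nat statement wins
    return globals_.get(dst_ifc, {}).get(nat_id)

def missing_globals(config, src_ifc, dst_ifc):
    """nat_ids used on src_ifc that have no global on dst_ifc."""
    nats, globals_ = parse(config)
    used = {nid for ifc, nid, _ in nats if ifc == src_ifc}
    return sorted(used - set(globals_.get(dst_ifc, {})))
```

Run against the posted configuration, `missing_globals(SAMPLE_CONFIG, "inside", "dmz")` lists nat_ids 26 and 27, the two subnets that could not reach the dmz until separate dmz globals were added for them.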