Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
220
Views
0
Helpful
1
Replies

nat

feieboy
Level 1
Level 1

‎05-27-2003 07:03 PM - edited ‎03-09-2019 03:26 AM

I'am sorry,my english is very bad.I have a section of common networks address( 171.41.152.1-171.41.159.0,255.255.248.0).I want to use the address( 171.41.159.1-171.41.159.254 255.255.255.0)among them make nat. change inside privately owned address 10.10.0.0 255.255.0.0.

¡¡¡¡Other common networks(171.41.159.1-171.41.158.254) are used for users.

well!

How on pix520 to dispose 172.41.152.1-171.41.158.254 this section of addresses?

is it?

nat (inside) 0 171.41.152.0 255.255.248.0 0 0

static (inside,outside) 171.41.152.0 171.41.152.0 netmask 255.255.248.0 0 0

nat (inside) 1 10.10.0.0 255.255.0.0

global (outside) 1 171.41.159.2-171.41.152.255

global (outside) 1 171.41.159.1

else

nat (inside) 0 171.41.152.0 255.255.255.0 0 0

nat (inside) 0 171.41.153.0 255.255.255.0 0 0

nat (inside) 0 171.41.154.0 255.255.255.0 0 0

nat (inside) 0 171.41.155.0 255.255.255.0 0 0

nat (inside) 0 171.41.156.0 255.255.255.0 0 0

nat (inside) 0 171.41.157.0 255.255.255.0 0 0

nat (inside) 0 171.41.158.0 255.255.255.0 0 0

static (inside,outside) 171.41.153.0 171.41.153.0 netmask 255.255.255.0 0 0

..........

static (inside,outside) 171.41.158.0 171.41.158.0 netmask 255.255.255.0 0 0

nat (inside) 1 10.10.0.0 255.255.0.0

global (outside) 1 171.41.159.2-171.41.152.255

global (outside) 1 171.41.159.1

Thanks

Labels:
0 Helpful
1 Reply 1

chunt
Level 1
Level 1

‎05-29-2003 11:17 AM

Is this for outbound connections only?

If so, you should only need two to three lines:

global (outside) 1 171.41.159.1-171.41.159.254 netmask 255.255.248.0

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

The above will only get you 255 usable outgoing connections. If you need more since you're have a class B worth of users you can do the following:

global (outside) 1 171.41.159.1-171.41.159.253 netmask 255.255.248.0

global (outside) 1 171.41.159.254 netmask 255.255.248.0

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

The second global statement provides a PAT address for overflow giving you 65791 usable outgoing connections.

More info:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/gl.htm#xtocid1

Hope that helps.

0 Helpful
Customers Also Viewed These Support Documents