New Member

Overloading an IP address on PIX 525

Can you overload an external IP address on the PIX 525?

2 REPLIES
New Member

Re: Overloading an IP address on PIX 525

Don't think so. Its NAT doesn't quite behave the same on a Pix as it does on a router. If you have some address limitations, do this:

Set up a global pool but don't use all the registered addresses.

Save a registered address for Port Address Translation. There should be an example in the book.

New Member

Re: Overloading an IP address on PIX 525

There are a few things to consider when using PAT:

The IP addresses you specify for PAT cannot be in another global address pool.

PAT does not work with H.323 applications and caching nameservers. PAT works with Domain Name Service (DNS), FTP and passive FTP, HTTP, mail, remote-procedure call (RPC), rshell, Telnet, URL filtering, and outbound traceroute.

Do not use PAT when multimedia applications need to be run through the firewall. Multimedia applications can conflict with port mappings provided by PAT.

In PIX software release 4.2(2), the PAT feature did not work with IP data packets that arrived in reverse order. This problem is corrected in release 4.2(3).

IP addresses in the pool of global addresses specified with the global command require reverse DNS entries to ensure that all external network addresses are accessible through the PIX. To create reverse DNS mappings, use a DNS Pointer (PTR) record in the address-to-name mapping file for each global address. Without the PTR entries, sites can experience slow or intermittent Internet connectivity and FTP requests fail consistently.

For example, if a global IP address is 175.1.1.3 and the domain name for the PIX firewall is pix.caguana.com, the PTR record would be:

3.1.1.175.in-addr.arpa. IN PTR pix3.caguana.com

4.1.1.175.in-addr.arpa. IN PTR pix4.caguana.com & so on.

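The two checks described in the reply above (a PAT address must not sit inside a global pool, and every global address needs a PTR record) can be run against a saved configuration. This is an added example, not part of the original posts or Cisco's tooling; the sample `global` lines are constructed, and the `pix<last octet>.caguana.com` naming is an assumption taken from the pattern in the reply.

```python
import ipaddress
import re

# Constructed sample config (not from the thread); addresses follow the reply's 175.1.1.x example.
SAMPLE_CONFIG = """\
global (outside) 1 175.1.1.3-175.1.1.6 netmask 255.255.255.0
global (outside) 1 175.1.1.7
global (outside) 2 175.1.1.5
"""

# global (if_name) nat_id first_ip[-last_ip] [netmask mask]
GLOBAL_RE = re.compile(
    r"^global\s+\((\S+)\)\s+(\d+)\s+(\d+\.\d+\.\d+\.\d+)(?:-(\d+\.\d+\.\d+\.\d+))?"
)

def parse_globals(config):
    """Return (pools, pats): pools are (first, last) ranges, pats are single addresses."""
    pools, pats = [], []
    for line in config.splitlines():
        m = GLOBAL_RE.match(line.strip())
        if not m:
            continue
        first = ipaddress.IPv4Address(m.group(3))
        if m.group(4):
            pools.append((first, ipaddress.IPv4Address(m.group(4))))
        else:
            pats.append(first)  # a single address on a global line is used for PAT
    return pools, pats

def pat_conflicts(config):
    """PAT addresses that also fall inside a global pool range (not allowed)."""
    pools, pats = parse_globals(config)
    return [str(p) for p in pats if any(lo <= p <= hi for lo, hi in pools)]

def ptr_records(config, domain="caguana.com", prefix="pix"):
    """One PTR record per global address; the host naming scheme is an assumption."""
    pools, pats = parse_globals(config)
    addrs = set(pats)
    for lo, hi in pools:
        addrs.update(ipaddress.IPv4Address(i) for i in range(int(lo), int(hi) + 1))
    # The trailing dot keeps the target name fully qualified in a zone file.
    return [f"{a.reverse_pointer}. IN PTR {prefix}{int(a) & 0xFF}.{domain}."
            for a in sorted(addrs)]

if __name__ == "__main__":
    print("PAT addresses inside a pool:", pat_conflicts(SAMPLE_CONFIG))
    print("\n".join(ptr_records(SAMPLE_CONFIG)))
```
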