04-04-2002 09:50 AM - edited 03-08-2019 10:14 PM
Hi,
Can I have NAT and PAT configured to run on the same interface on a PIX firewall?
Is this correct?
global (outside) 1 xxx.xxx.xxx.xxx-xxx.xxx.xxx.yyy netmask 255.255.255.240
global (outside) 1 xxx.xxx.xxx.zzz netmask 255.255.255.240
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
I have a PIX 515 with two interfaces running PIX Version 4.4(7)
Thanks in advance
Faustino
04-04-2002 11:45 AM
Looks good to me. However, you may only want to use PAT and save some of your routable IP's. Running NAT and PAT seems like a waste of address space.
04-05-2002 11:46 PM
You can use both NAT and PAT in the same interface if you are planning to use H.323 applications in your network pass through the firewall since those types of applications and some other Video and Audio Applications does not work with PAT and works only with NAT.
04-08-2002 07:01 AM
Hi,
for me, you must use 2 different source network for nat command, and also two different nat identifier.
regards,
Graz.
04-09-2002 10:57 AM
Yes, that is a correct configuration. Just remember when you do NAT and PAT on an interface, the interface will use up all the NAT addresses before it will use the PAT addresses, regardless of the order of global entries. The PAT addresses, when used with NAT addresses, act like a backup. Because like a previous reply stated, there are some things you can only do with a true NAT that a PAT won't do.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide