Re: PAT and NAT on the same interface?

fdina · ‎04-04-2002

Hi,

Can I have NAT and PAT configured to run on the same interface on a PIX firewall?

Is this correct?

global (outside) 1 xxx.xxx.xxx.xxx-xxx.xxx.xxx.yyy netmask 255.255.255.240

global (outside) 1 xxx.xxx.xxx.zzz netmask 255.255.255.240

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

I have a PIX 515 with two interfaces running PIX Version 4.4(7)

Thanks in advance

Faustino

thompson · ‎04-04-2002

Looks good to me. However, you may only want to use PAT and save some of your routable IP's. Running NAT and PAT seems like a waste of address space.

kjanakiraman · ‎04-05-2002

You can use both NAT and PAT in the same interface if you are planning to use H.323 applications in your network pass through the firewall since those types of applications and some other Video and Audio Applications does not work with PAT and works only with NAT.

g.rodegari · ‎04-08-2002

Hi,

for me, you must use 2 different source network for nat command, and also two different nat identifier.

regards,

Graz.

justin-brady · ‎04-09-2002

Yes, that is a correct configuration. Just remember when you do NAT and PAT on an interface, the interface will use up all the NAT addresses before it will use the PAT addresses, regardless of the order of global entries. The PAT addresses, when used with NAT addresses, act like a backup. Because like a previous reply stated, there are some things you can only do with a true NAT that a PAT won't do.