Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PAT and NAT on the same interface?

Hi,

Can I have NAT and PAT configured to run on the same interface on a PIX firewall?

Is this correct?

global (outside) 1 xxx.xxx.xxx.xxx-xxx.xxx.xxx.yyy netmask 255.255.255.240

global (outside) 1 xxx.xxx.xxx.zzz netmask 255.255.255.240

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

I have a PIX 515 with two interfaces running PIX Version 4.4(7)

Thanks in advance

Faustino

4 REPLIES
New Member

Re: PAT and NAT on the same interface?

Looks good to me. However, you may only want to use PAT and save some of your routable IP's. Running NAT and PAT seems like a waste of address space.

New Member

Re: PAT and NAT on the same interface?

You can use both NAT and PAT in the same interface if you are planning to use H.323 applications in your network pass through the firewall since those types of applications and some other Video and Audio Applications does not work with PAT and works only with NAT.

New Member

Re: PAT and NAT on the same interface?

Hi,

for me, you must use 2 different source network for nat command, and also two different nat identifier.

regards,

Graz.

New Member

Re: PAT and NAT on the same interface?

Yes, that is a correct configuration. Just remember when you do NAT and PAT on an interface, the interface will use up all the NAT addresses before it will use the PAT addresses, regardless of the order of global entries. The PAT addresses, when used with NAT addresses, act like a backup. Because like a previous reply stated, there are some things you can only do with a true NAT that a PAT won't do.

125
Views
0
Helpful
4
Replies
CreatePlease login to create content