Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member


Will this static config work based on the defined global & nat command?

global (outside) 1 netmask

global (ssn) 1 netmask

nat (inside) 1 16384 11468

nat (ssn) 1 16384 11468


static (ssn,outside) netmask 0 0

New Member

Re: PAT-config

By using addresses within the same range (both in you created a conflict. Could you state which addresses (and mask) you are using your each network?

New Member

Re: PAT-config

Can this conflict be resolved by creating two seperate nat id ?

Also, those global addresses are my public and they all are 16 bit masks.

New Member

Re: PAT-config

I'm sure the whole /16 isn't in front on the PIX in one lump.

A basic config could be:

- SSN is A.B.C.1/24

- Outside is Z.Y.X.1/28

Then the PAT rules could be:

nat (inside) 1 0 0

global (outside) 1 interface

global (ssn) 1 interface

This is assuming that the basic security policy is:

- inside to SSN allow, hide behind PAT

- inside to outside allow, hide behind PAT

Are there any other connections required?

New Member

Re: PAT-config

The concept is to hide ssn(dmz) and have their addresses translated to an outside address. Likewise to have internal be translated to an outside address.

also, to use specific stactic commands to to map individual hosts on the DMZ with a known public address.

I know that the /16 is a lot, but that's what the client has. I will investigate this part with the client.

CreatePlease to create content