07-09-2003 01:07 PM - edited 02-20-2020 10:50 PM
My PIX configuration has two global and two nat parameters.
global (outside) 1 65.209.4.220-65.209.4.253 netmask 255.255.255.192
global (outside) 1 65.209.4.254 netmask 255.255.255.192
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (intf2) 1 0.0.0.0 0.0.0.0 0 0
I can understand the two nat commands more or less, but I can't figure out why the two global commands and what they do. Can anyone clarify?
Jim
609-896-2404 x1279
07-09-2003 02:07 PM
nat(inside) will qualify the hosts behind the "inside" interface to be NATed to those in the global pool and go out.
nat(intf2) will qualify the hosts behind the "intf2" interface to be NATed to those in the global pool and go out.
Thanks,
yatin
07-09-2003 02:24 PM
Thank you. I did assume that the NAT commands worked that way, but the GLOBAL commands are more of a mystery. It seems as though my external IP address is always 65.209.4.254, leading me to believe there may be something wrong, perhaps with the two GLOBALS.
07-09-2003 08:25 PM
Oh I should have read your question more carefully. The 1st Global is allocating the addresses to the hosts from inside and from intf2.
Once the pool is out of addresses, then it will use the 2nd global and this will now start doing PATing rather than NATing as was the case in the 1st global.
So in effect, until all the addresses in the global pool are exhausted, all these hosts will be NATed. After that, the new hosts going out will be PATed with the .254 address.
Hope this clears up.
thanks,
yatin
07-10-2003 12:30 AM
Hi,
The first 33 hosts (220 to 253) that go to the outside get NATTED (one-to-one translation).
If the NAT pool is exhausted, then all the other hosts that connect to the outside get PATTED (many-to-one translation) behind 65.209.4.254.
Kind Regards,
Tom
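The pool-then-PAT behaviour described in the replies above, as an added example that is not part of the original thread: it parses the two `global` lines from the question, treats the range as the one-to-one NAT pool and the single address as the PAT address, and assigns translations to constructed inside hosts (10.0.0.x, an assumption). It is a simplification: the order in which pool addresses are handed out and the starting PAT port are assumptions, and translation timeouts are not modelled.

```python
import ipaddress
import re

# The two `global` lines from the question, copied from the post.
CONFIG = """\
global (outside) 1 65.209.4.220-65.209.4.253 netmask 255.255.255.192
global (outside) 1 65.209.4.254 netmask 255.255.255.192
"""
# Constructed inside hosts (assumption): 40 hosts connecting in this order.
HOSTS = [f"10.0.0.{i}" for i in range(1, 41)]

GLOBAL_RE = re.compile(r"global \((\S+)\) (\d+) ([\d.]+)(?:-([\d.]+))? netmask \S+")

def parse_globals(text):
    """Split global lines into (nat_pool, pat_addresses)."""
    pool, pat = [], []
    for line in text.splitlines():
        m = GLOBAL_RE.fullmatch(line.strip())
        if not m:
            continue
        first = ipaddress.IPv4Address(m.group(3))
        if m.group(4):  # address range: one-to-one dynamic NAT pool
            last = ipaddress.IPv4Address(m.group(4))
            pool += [ipaddress.IPv4Address(n) for n in range(int(first), int(last) + 1)]
        else:           # single address: many-to-one PAT
            pat.append(first)
    return pool, pat

def simulate(hosts, pool, pat):
    """Give each new host a pool address while any is free, then fall back to PAT."""
    free, xlate, port = list(pool), {}, 1024  # 1024: constructed first PAT port
    for host in hosts:
        if host in xlate:
            continue
        if free:
            xlate[host] = ("NAT", str(free.pop(0)), None)
        elif pat:
            xlate[host] = ("PAT", str(pat[0]), port)
            port += 1
        else:
            xlate[host] = ("NONE", None, None)  # no translation available
    return xlate

if __name__ == "__main__":
    pool, pat = parse_globals(CONFIG)
    for host, (kind, addr, port) in simulate(HOSTS, pool, pat).items():
        print(host, kind, addr, port if port else "")
```

Hosts translated by PAT all appear outside as 65.209.4.254, so attributing an outbound connection to an inside host from logs needs the translated source port as well as the address.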