Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
503
Views
0
Helpful
4
Replies

PIX global and nat parameters

Go to solution
cisco-miix
Level 1
Level 1

‎07-09-2003 01:07 PM - edited ‎02-20-2020 10:50 PM

My PIX configuration has two global and two nat parameters.

global (outside) 1 65.209.4.220-65.209.4.253 netmask 255.255.255.192

global (outside) 1 65.209.4.254 netmask 255.255.255.192

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

nat (intf2) 1 0.0.0.0 0.0.0.0 0 0

I can understand the two nat commands more or less, but I can't figure out why the two global commands and what they do. Can anyone clarify?

Jim

jconstan@miix.com

609-896-2404 x1279

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
ywadhavk
Cisco Employee
Cisco Employee
In response to cisco-miix

‎07-09-2003 08:25 PM

Oh I should have read your question more carefully. The 1st Global is allocating the addresses to the hosts from inside and from intf2.

Once the pool is out of address, then it will use the 2nd global and this will now start doing PATing rather than NATing as was the case in the 1st global.

So in effect, until all the addresses in the global pool are exhausted, all these host will be NATed. After that, the new hosts going out will be PATed with the .254 address.

Hope this clears up.

thanks,

yatin

View solution in original post

0 Helpful

Go to solution
tvanginneken
Level 4
Level 4

‎07-10-2003 12:30 AM

Hi,

the first 33 hosts (220 to 253)that go to the outside get NATTED (one-to-one translation).

If the NAT pool is exhausted, then all the other hosts that connect to the outside get PATTED (many-to-one translation) behind 65.209.4.254

Kind Regards,

Tom

View solution in original post

0 Helpful
4 Replies 4

Go to solution
ywadhavk
Cisco Employee
Cisco Employee

‎07-09-2003 02:07 PM

nat(inside) will qualify the hosts behind the "inside" interface to be NATed to those in the global pool and go out.

nat(intf2) will qualify the hosts behind the "intf2" interface to be NATed to those in the global pool and go out.

Thanks,

yatin

0 Helpful

Go to solution
cisco-miix
Level 1
Level 1
In response to ywadhavk

‎07-09-2003 02:24 PM

Thank you. I did assume that the NAT commands worked that way, but the GLOBAL commands are more of a mystery. It seems as though my external IP address is always 65.209.4.254...leading me to believe there may be something wrong...perhaps wth the two GLOBALS....

0 Helpful

Go to solution
ywadhavk
Cisco Employee
Cisco Employee
In response to cisco-miix

‎07-09-2003 08:25 PM

Oh I should have read your question more carefully. The 1st Global is allocating the addresses to the hosts from inside and from intf2.

Once the pool is out of address, then it will use the 2nd global and this will now start doing PATing rather than NATing as was the case in the 1st global.

So in effect, until all the addresses in the global pool are exhausted, all these host will be NATed. After that, the new hosts going out will be PATed with the .254 address.

Hope this clears up.

thanks,

yatin

0 Helpful

Go to solution
tvanginneken
Level 4
Level 4

‎07-10-2003 12:30 AM

Hi,

the first 33 hosts (220 to 253)that go to the outside get NATTED (one-to-one translation).

If the NAT pool is exhausted, then all the other hosts that connect to the outside get PATTED (many-to-one translation) behind 65.209.4.254

Kind Regards,

Tom

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card