Cisco Support Community
Community Member

PIX global and nat parameters

My PIX configuration has two global and two nat parameters.

global (outside) 1 65.209.4.220-65.209.4.253 netmask 255.255.255.192

global (outside) 1 65.209.4.254 netmask 255.255.255.192

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

nat (intf2) 1 0.0.0.0 0.0.0.0 0 0

I can understand the two nat commands more or less, but I can't figure out why there are two global commands and what they do. Can anyone clarify?

Jim

jconstan@miix.com

609-896-2404 x1279

4 REPLIES
Cisco Employee

Re: PIX global and nat parameters

nat(inside) will qualify the hosts behind the "inside" interface to be NATed to those in the global pool and go out.

nat(intf2) will qualify the hosts behind the "intf2" interface to be NATed to those in the global pool and go out.

Thanks,

yatin

Community Member

Re: PIX global and nat parameters

Thank you. I did assume that the NAT commands worked that way, but the GLOBAL commands are more of a mystery. It seems as though my external IP address is always 65.209.4.254... leading me to believe there may be something wrong... perhaps with the two GLOBALS...

Cisco Employee

Re: PIX global and nat parameters

Oh, I should have read your question more carefully. The 1st global is allocating the addresses to the hosts from inside and from intf2.

Once the pool is out of addresses, then it will use the 2nd global and this will now start doing PATing rather than NATing as was the case in the 1st global.

So in effect, until all the addresses in the global pool are exhausted, all these hosts will be NATed. After that, the new hosts going out will be PATed with the .254 address.

Hope this clears it up.

thanks,

yatin

Re: PIX global and nat parameters

Hi,

The first 33 hosts (220 to 253) that go to the outside get NATTED (one-to-one translation).

If the NAT pool is exhausted, then all the other hosts that connect to the outside get PATTED (many-to-one translation) behind 65.209.4.254.

Kind Regards,

Tom
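
The pool-then-PAT behaviour described in the replies above, as an added Python example that is not part of the original thread and is not Cisco code: it parses the two global statements from the question and shows which outside address each new inside host would get. Assumptions: the inside hosts (10.0.0.x) are constructed, pool addresses are handed out lowest first, and translations never time out.

```python
import ipaddress
import re

# The two global statements quoted from the question in this thread.
CONFIG = """\
global (outside) 1 65.209.4.220-65.209.4.253 netmask 255.255.255.192
global (outside) 1 65.209.4.254 netmask 255.255.255.192
"""

GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+?)(?:-(\S+))? netmask (\S+)$")

def parse_globals(text):
    """Return {nat_id: (nat_pool, pat_addrs)}; a range is a NAT pool, a single IP is PAT."""
    pools = {}
    for line in text.splitlines():
        m = GLOBAL_RE.match(line.strip())
        if not m:
            continue
        _ifc, nat_id, first, last, _mask = m.groups()
        pool, pat = pools.setdefault(int(nat_id), ([], []))
        lo = ipaddress.IPv4Address(first)
        if last is None:
            pat.append(lo)
        else:
            hi = ipaddress.IPv4Address(last)
            pool.extend(ipaddress.IPv4Address(n) for n in range(int(lo), int(hi) + 1))
    return pools

def translate(hosts, pool, pat):
    """Map inside hosts, in first-connection order, to (global_ip, mode)."""
    free = list(pool)  # assumption: lowest address handed out first, no xlate timeouts
    xlate = {}
    for host in hosts:
        if host in xlate:
            continue
        if free:
            xlate[host] = (free.pop(0), "NAT")   # one-to-one
        elif pat:
            xlate[host] = (pat[0], "PAT")        # many-to-one behind the single global
        else:
            xlate[host] = (None, "NO-XLATE")
    return xlate

if __name__ == "__main__":
    pool, pat = parse_globals(CONFIG)[1]
    hosts = [f"10.0.0.{n}" for n in range(1, 41)]  # constructed inside hosts
    for host, (ip, mode) in translate(hosts, pool, pat).items():
        print(f"{host:<10} -> {ip} ({mode})")
```

Once the pool is used up, every later host shares 65.209.4.254, so tying an outside log entry back to one inside host needs the firewall's translation records (address and port), not just the source IP.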
