Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
266
Views
0
Helpful
2
Replies

two global (outside) command exist ??!

rico_hao40
Level 1
Level 1

‎09-15-2006 12:33 PM - edited ‎03-09-2019 04:13 PM

If I use two global NAT command, how the PIX works to NAT or PAT ???

global (outside) 1 10.0.0.2-10.0.0.10 netmask 255.0.0.0

global (outside) 1 10.0.0.1 netmask 255.0.0.0

thanks.

Labels:
0 Helpful
2 Replies 2

ethiel
Level 3
Level 3

‎09-15-2006 01:13 PM

This will NAT the first 9 users behind .2-.10, then when those 9 IPs are exhausted, it will PAT remaining users behind .1. For your reference:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/cmd_ref/gh_711.htm#wp1682258

0 Helpful

ajagadee
Cisco Employee
Cisco Employee

‎09-15-2006 01:36 PM

Rico,

Rico,

Based upon your configuration, if you have a nat(inside)1 then the addresses from the inside will use Dynamic NAT and PAT.

When the inside addresses make outbound connections, they are translated using the global address pool of 10.0.0.2 - 10.0.0.10 as long as these addresses are available. If all the addresses in the pool are in use, then dynamic PAT takes place using the 10.0.0.1 address.

I hope it helps.

Regards,

Arul

0 Helpful
Customers Also Viewed These Support Documents