Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
The PIX Firewall 500 series does not pass PAT traffic. SSH and Telnet connections fail in the PIX with software version 6.x
What is PAT?
PAT is a concept used in networking. It can be defined as a feature of a given network device with which the device translates the TCP or UDP communications that are made between the hosts on a private and host on a public network. PAT finds wider usage in the LAN technology and it allows multiple hosts of a private network to use a single public IP address.
PAT technology finds its use in the software firewalls and the broadband network devices. The main advantage of PAT is that it allows multiple hosts to share a common public IP and saves the wastage of IP for the users who do not need support for inbound connections. Somehow the implementation of PAT in a network increases the firewall complexity and in addition to that PAT do suffers from scalability issues.
Port address transaction is a process of rewriting a port numbers to random number. Pat will translate the port .It allows a single public IP address to be used by many hosts on the private network
local private hosts 192.168.0.1 and 192.168.0.2 both send packets from source port 5000. A NAPT device might translate these to a single public IP address 22.214.171.124 but two different source ports, say 5998 and 5999. Response traffic received for port 5998 is routed to 192.168.0.1 while port 5999 traffic is routed to 192.168.0.1
Static Network Address Translation (NAT) works in PIX Firewall version 6.3(1). However, global Port Address Translation (PAT) does not work properly.
When the PIX configuration is changed to use global PAT, all Telnet and Secure Shell (SSH) connections fail.
Note: Even the clear xlate command does not resolve the issue.
For a workaround, upgrade the PIX software to version 6.3(3) or later.