Explanation on NAT Statement

Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.
Post Reply
Guest

Explanation on NAT Statement

Post by Guest » Fri Jan 07, 2011 1:43 pm

Hi Guys,

 

What does the following statement means on the pix firewall ? For example

 

global outside 2 67.75.236.193-67.75.236.194 netmask 255.255.255.240

 

Does the above mean that we have got two address 67.75.236.193 and 67.75.236.194 for the firewall to use for natting. (I know about what 2 means in the statement).

 

Tks


Guest

Re:Explanation on NAT Statement

Post by Guest » Fri Jan 07, 2011 2:02 pm

That means that the source network that falls under your nat will be able to get translated to those two addresses only. If you have 10 inside hosts trying to go out to the internet only two will be able to do it at the same time since they are all sharing the two global addresses.

 

Is that clear?

 

Sent from Cisco Technical Support iPhone App


Guest

Re:Explanation on NAT Statement

Post by Guest » Fri Jan 07, 2011 2:55 pm

You are absolutely correct.

Only 2 ip addresses can be used for NATing and if you have any subsequent packet that needs to be translated, then it will fail unless if you configure PAT, eg:

 

global (outside) 2 interface

 

OR/


global (outside) 2 67.75.236.195


Post Reply