Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.
What does the following statement mean on the PIX firewall? For example:
global outside 2 22.214.171.124-126.96.36.199 netmask 255.255.255.240
Does the above mean that we have got two addresses, 188.8.131.52 and 184.108.40.206, for the firewall to use for NATing? (I know what the 2 means in the statement.)
That means that the source network that falls under your nat will be able to get translated to those two addresses only. If you have 10 inside hosts trying to go out to the Internet, only two will be able to do it at the same time, since they are all sharing the two global addresses.
Is that clear?
You are absolutely correct.
Only 2 IP addresses can be used for NATing, and if you have any subsequent packet that needs to be translated, it will fail unless you configure PAT, e.g.:
global (outside) 2 interface
global (outside) 2 220.127.116.11
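The behaviour described in the replies above, as an added example that is not part of the original thread: a simplified Python model of a two-address dynamic NAT pool, with and without a PAT fallback address. The class and function names are hypothetical, the addresses are constructed documentation addresses, and the PAT port range starting at 1024 is an assumption of the model.

```python
# Simplified model of PIX dynamic NAT with an optional PAT fallback.
# All names and addresses are constructed for illustration.

class XlateTable:
    def __init__(self, pool, pat_address=None):
        self.free = list(pool)          # unused addresses from the global pool
        self.nat = {}                   # inside host -> global address (1:1)
        self.pat = {}                   # (inside host, src port) -> mapped port
        self.pat_address = pat_address  # single address shared via PAT, or None
        self.next_port = 1024           # assumed start of the PAT port range

    def translate(self, inside_ip, src_port):
        """Return (global_ip, global_port), or None when no translation exists."""
        if inside_ip not in self.nat and self.free:
            self.nat[inside_ip] = self.free.pop(0)   # claim a pool address
        if inside_ip in self.nat:
            return (self.nat[inside_ip], src_port)   # NAT rewrites the address only
        if self.pat_address is None or self.next_port > 65535:
            return None                              # pool exhausted, no PAT
        key = (inside_ip, src_port)
        if key not in self.pat:
            self.pat[key] = self.next_port           # new port on the shared address
            self.next_port += 1
        return (self.pat_address, self.pat[key])

    def release(self, inside_ip):
        """Model an xlate timing out: the pool address becomes free again."""
        addr = self.nat.pop(inside_ip, None)
        if addr is not None:
            self.free.append(addr)


def hosts_translated(pat_address=None, hosts=10):
    """Count how many of `hosts` inside hosts get a translation at once."""
    table = XlateTable(["203.0.113.1", "203.0.113.2"], pat_address)
    inside = [f"10.0.0.{n}" for n in range(1, hosts + 1)]
    return sum(table.translate(ip, 40000) is not None for ip in inside)


if __name__ == "__main__":
    print("pool only:      ", hosts_translated())
    print("pool + PAT line:", hosts_translated("203.0.113.14"))
```

In the model, a pool address is tied to one inside host until its translation is released, which is why the third host fails when no PAT address is configured.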