I remember this from the some time ago. I tried it once and discovered that the last statement was redundant. It did PAT with the last address anyway. Not sure whether this is an IOS dependant thing or just a myth from the past (or possibly I'm wrong. I'll have to try it again some time. Unfortunately I'm working away on a 'Pixless' site at the moment.)
Anybody confirm or ridicule? Cheers, Gaz ""Roberts, Larry"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Quick note. The second command will only allow 50 NAT translations at a > time. Once 50 are full, then everyone else gets denied. > If you were to combine the 2 statements into: > > Global (outside) 1 192.168.1.1-192.168.1.49 netmask 255.255.255.0 > Global (outside) 1 192.168.1.50 netmask 255.255.255.0 > Nat (inside) 1 0 0 > > This will cause the first 49 address's to get used for NAT, while the .50 > will become an overflow, or overload/PAT address. > The NAT will always be used before the PAT session is used as well. > > > Thanks > > Larry > > -----Original Message----- > From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] > Sent: Monday, March 18, 2002 9:27 AM > To: [EMAIL PROTECTED] > Subject: RE: NAT & PIX [7:38633] > > > Yes, > > With the two commands NAT and GLOBAL, you can specify exactly what you need: > > global (outside) 1 192.168.1.200 netmask 255.255.255.255 > > This will translate the inside address(es) specified with the NAT command to > ONE outside address. > > nat (inside) 1 0 0 > > This will translate all inside addresses to the address(es) specified with > the GLOBAL command. > > If you want every pc on the inside network to translate to 1 public address > (192.168.1.200) use these two commands: > > global (outside) 1 192.168.1.200 netmask 255.255.255.255 > nat (inside) 1 0 0 > > If you want every pc on the inside network to translate to 1 out of 50 > public addresses (192.168.1.201 thru 192.168.1.250) use these two commands: > > global (outside) 1 192.168.1.201-192.168.1.250 netmask 255.255.255.0 > nat (inside) 1 0 0 > > Hth, > > Ole > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Ole Drews Jensen > Systems Network Manager > CCNP, MCSE, MCP+I > RWR Enterprises, Inc. > [EMAIL PROTECTED] > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > http://www.RouterChief.com > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Need a Job? > http://www.OleDrews.com/job > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > > > > > > -----Original Message----- > From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]] > Sent: Monday, March 18, 2002 4:18 AM > To: [EMAIL PROTECTED] > Subject: NAT & PIX [7:38633] > > > Hi > > I have a PIX firewall, and am using nat to let my clients access the > internet, but now I need to connect about a 100 clients, bases in an wan of > more than 50 places, all to the internet through the same ip address, > > so the question is, can I have some sort of a NAT list letting all the 100 > ip addresses get on the net through the one public address ?? > > Best regards ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38666&t=38633 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
