https://community.cisco.com/t5/network-security/pix-global-pool/m-p/777867#M1008360 <HTML><HEAD></HEAD><BODY><P>well does the client just needs inbound access or outbound or both?</P><P></P><P>Secondly how many clients are there in total ?</P></BODY></HTML> Tue, 03 Apr 2007 16:02:10 GMT abinjola 2007-04-03T16:02:10Z https://community.cisco.com/t5/network-security/pix-global-pool/m-p/777866#M1008359 <P>Network readdress project requires PIX changes. We provide internet access for company w/in our campus (3rd party connect). Currently 3rd party is config'd as "DMZ" on PIX 525.</P><P></P><P>We provide "network management" to the 3rd party by helping their admin do troubleshooting.</P><P></P><P>inside: 10.1.1.1 (existing range)</P><P>inside: 10.50.1.1 (new range)</P><P>outside (3rd party): 172.16.1.1</P><P>200 hosts on 3rd party network coming thru firewall</P><P></P><P>is one-to-one nat the best approach for ease of troubleshooting their connections thru the fw?</P><P></P><P>OR</P><P></P><P>is it best to assign a "global pool" of inside addresses (10.50.1.1) to the fw which, when client on outside connects to internet, etc, would get a 10.50.1.x address?</P><P></P><P>is there a config out there which could help illustrate what i'm trying to acccomplish?</P><P></P><P>thanks for any info.</P> Mon, 11 Mar 2019 09:55:22 GMT https://community.cisco.com/t5/network-security/pix-global-pool/m-p/777866#M1008359 tsrader 2019-03-11T09:55:22Z https://community.cisco.com/t5/network-security/pix-global-pool/m-p/777867#M1008360 <HTML><HEAD></HEAD><BODY><P>well does the client just needs inbound access or outbound or both?</P><P></P><P>Secondly how many clients are there in total ?</P></BODY></HTML> Tue, 03 Apr 2007 16:02:10 GMT https://community.cisco.com/t5/network-security/pix-global-pool/m-p/777867#M1008360 abinjola 2007-04-03T16:02:10Z https://community.cisco.com/t5/network-security/pix-global-pool/m-p/777868#M1008361 <HTML><HEAD></HEAD><BODY><P>Thanks for your reply.</P><P></P><P>Total clients: 200</P><P></P><P>Firewall provides client with internet / server reources (on our side) primarily. Client also has remote users which access their systems in their network...so....</P><P></P><P>client req's BOTH inbound and outbound access</P></BODY></HTML> Tue, 03 Apr 2007 16:25:15 GMT https://community.cisco.com/t5/network-security/pix-global-pool/m-p/777868#M1008361 tsrader 2007-04-03T16:25:15Z https://community.cisco.com/t5/network-security/pix-global-pool/m-p/777869#M1008362 <HTML><HEAD></HEAD><BODY><P>200 different clients behind the FW...and they needs access from outside world..right..?..you need to make a static xlate rules ..if above is this case.</P></BODY></HTML> Tue, 03 Apr 2007 16:37:17 GMT https://community.cisco.com/t5/network-security/pix-global-pool/m-p/777869#M1008362 abinjola 2007-04-03T16:37:17Z https://community.cisco.com/t5/network-security/pix-global-pool/m-p/777870#M1008363 <HTML><HEAD></HEAD><BODY><P>Correct on static xlates although access from "outside world" will only be to 10 servers. The rest of connections will from client network TO outside world.</P><P></P><P>Assuming ip allocation is 10.50.1.0 /24.</P><P>allocate 10 ip's for static xlate</P><P>other 244 are available</P><P></P><P>Is this correct commmand to permit client access:</P><P></P><P>global (outside) 1 10.50.1.0 netmask 255.255.255.0 </P><P>nat (inside) 1 0.0.0.0 0.0.0.0 0 0</P></BODY></HTML> Tue, 03 Apr 2007 17:02:48 GMT https://community.cisco.com/t5/network-security/pix-global-pool/m-p/777870#M1008363 tsrader 2007-04-03T17:02:48Z https://community.cisco.com/t5/network-security/pix-global-pool/m-p/777871#M1008364 <HTML><HEAD></HEAD><BODY><P>for outbound access use the PAT IP :-</P><P></P><P>nat (inside) 1 0 0 </P><P></P><P>global (outside) 1 interface</P></BODY></HTML> Tue, 03 Apr 2007 17:28:07 GMT https://community.cisco.com/t5/network-security/pix-global-pool/m-p/777871#M1008364 abinjola 2007-04-03T17:28:07Z